New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix error with long keys in ActiveSupport::Cache::FileStore #15616
Conversation
Would not this give problems with cache key clashing? |
Related with #10894 |
how can the md5 not be unique ? |
fix error with long keys in ActiveSupport::Cache::FileStore
Sorry, missed the MD5 usage |
thanks @grosser 😄 |
I'm late to the party sorry but this seems to only solve the problem if Here's a test case that fails for me on eCryptfs after applying the patch from this pull request: def test_medium_keys
@cache.write("a"*500, 1)
assert_equal 1, @cache.read("a"*10000)
end Would it make sense to just always MD5 the key, or are there performance concerns with that approach? By the way, if we continue to compare |
already prepared a PR for you ;) |
@grosser ;) will join the discussion. Thanks for the link! |
By the pigeonhole principle. Putting |
Even if it's very unlikely, the fact that it's possible is a major problem. If we hash cache keys, we risk major security breach. To fix that, we'd need to store the original cache key along with the cached data and verify it before returning the result. |
Afaik memcached/dalli also uses that and nobody complained about it so far On Thu, Jun 26, 2014 at 8:31 PM, Jeremy Kemper notifications@github.com
|
@grosser @rafaelfranca