[jira] Closed: (JCS-31) Disk Cache returns wrong object for key

Wed, 27 Aug 2008 10:02:05 -0700 

     [ 
https://issues.apache.org/jira/browse/JCS-31?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Aaron Smuts closed JCS-31.
--------------------------

    Resolution: Invalid

This turned out to be the result of bad keys with improper equals and hashcode 
methods.  It wasn't a JCS bug.

> Disk Cache returns wrong object for key
> ---------------------------------------
>
>                 Key: JCS-31
>                 URL: https://issues.apache.org/jira/browse/JCS-31
>             Project: JCS
>          Issue Type: Bug
>          Components: Indexed Disk Cache
>    Affects Versions: jcs-1.3
>         Environment: Java(TM) 2 Runtime Environment, Standard Edition (build 
> 1.5.0_11-b03)
> Java HotSpot(TM) Server VM (build 1.5.0_11-b03, mixed mode)
> Linux
>            Reporter: Matt Wiseley
>            Assignee: Aaron Smuts
>
> The Indexed Disk Cache returns the incorrect object for a specified key if 
> the disk cache is accessed by a second JVM. Here is the scenario:
> 1. Start Tomcat with an app that uses JCS with Disk Cache.... get some stuff 
> stored in the disk cache.
> 2. Start another JVM (say, a command line program) that includes the same 
> cache.ccf file in its class path.
> 3. Upon exit of the 2nd JVM, the disk cache is cleared.
> 4. The JCS in the Tomcat JVM appears to be unaware of this and will start 
> returning wrong (but seemingly valid) data for key requests.
> I noticed this when my web application started displaying the wrong page for 
> a request. In my case, this was a HUGE security problem, and it took me a 
> long time to figure out this is why it was happening. But I've been able to 
> reliably reproduce this scenario.
> I understand that the disk cache isn't meant to be accessed by multiple JVMs 
> and shouldn't be, but to allow this behavior to quietly happen is very 
> dangerous. There needs to be some kind of locking mechanism or error thrown 
> to ensure this doesn't happen by accident (as it was in my case).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to