> On 06/22/2011 01:11 AM, Tatsuo Ishii wrote:
>> IMO because pgpool executes query in the same search_path, it's no
>> problem as long as the user does not change search_path dynamically.
>>
>> If the user changes search_path dynamically, we could use
>> md5(username+search_path+query_string+database_name). Of course this
>> requires additional database inquire on search_path. Do we need this?
> I think this is just a documentation issue.
>
> For possible security issues: shouldn't there be a secret value in the
> key? Maybe this is a bit theoretical, but: MD5 isn't too strong, so if
> one knows the username, database_name and query_string of a privileged
> query, it is probably possible to create a collision using a query
> like:
> select * from test where val = 'cause collision using this text';
>
> If there is a secret value in the key, causing a collision is not
> possible as the attacker does not know the MD5 of the cache key.

What about verifying username? I mean:

1) Cache key is md5(username+query_string+database_name). Also we keep
   username in the cached data.

2) If cached query found, extract username from the cache data. Make
   sure that current username = the extracted username.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
_______________________________________________
Pgpool-hackers mailing list
http://pgfoundry.org/mailman/listinfo/pgpool-hackers
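
The two ideas in this thread (a secret value in the cache key, and checking the username stored with the cached data) combined in one sketch. This is an added example, not part of the original message and not pgpool code. CACHE_SECRET, cache_key, QueryCache and key_fn are hypothetical names, and HMAC-SHA256 with length-prefixed fields is swapped in for the plain md5() concatenation discussed above.

```python
import hashlib
import hmac
import os

# Hypothetical per-instance secret; the thread only says "a secret value in the key".
CACHE_SECRET = os.urandom(32)


def cache_key(username, query_string, database_name, secret=CACHE_SECRET):
    """Keyed digest over the three fields named in the thread.

    HMAC-SHA256 stands in for the plain md5() of the thread, and each field
    is length-prefixed (an addition here) so ("ab", "c") and ("a", "bc")
    never hash the same bytes.
    """
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    for field in (username, query_string, database_name):
        raw = field.encode("utf-8")
        mac.update(len(raw).to_bytes(4, "big") + raw)
    return mac.hexdigest()


class QueryCache:
    """In-memory stand-in for the query cache (constructed for this example)."""

    def __init__(self, key_fn=cache_key):
        self._key_fn = key_fn      # replaceable so a test can force collisions
        self._entries = {}

    def store(self, username, query_string, database_name, rows):
        key = self._key_fn(username, query_string, database_name)
        # Step 1 of the reply: keep the username in the cached data.
        self._entries[key] = {"username": username, "rows": rows}

    def lookup(self, username, query_string, database_name):
        entry = self._entries.get(self._key_fn(username, query_string, database_name))
        if entry is None:
            return None            # miss: caller runs the query on the backend
        # Step 2 of the reply: a hit counts only if the stored username is
        # the current username, so a colliding key yields a miss, not data.
        if entry["username"] != username:
            return None
        return entry["rows"]
```

Passing a constant key_fn forces every key to collide, which exercises the username check on its own.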
