Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Paginated pages beyond last page + caching = dangerous #3880

Closed
swixpop opened this issue Feb 21, 2019 · 1 comment
Closed

Paginated pages beyond last page + caching = dangerous #3880

swixpop opened this issue Feb 21, 2019 · 1 comment

Comments

@swixpop
Copy link

swixpop commented Feb 21, 2019

#3616 seems like a serious security flaw. Any content cached using the current page number as part of the cache key becomes vulnerable. Continuously hitting page numbers beyond the last page will quickly overwhelm the cache. At the very least there could be a sane max page number. Right now hitting https://--------.com/blog/p999999999999999999 returns uncached content (lots of queries) and generates a new cache (takes up disk space). An attacker could hit continuously incremented urls and quickly fill up the disk or take down a site.
@brandonkelly
Copy link
Member

Yeah that sounds reasonable. Just limited it to 100,000 pages by default.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brandonkelly @swixpop