RSS cache security question...

Hi,

Before I started playing around too deeply with this, I figured you developers probably already knew the question, so I'll ask.

Let's say a logged in user, or an admin, checks the RSS link, causing it to be generated and cached. It would, presumably, contain links to all items the user/admin had access to. But if a guest user then looks at the RSS link, and gets a cached copy, won't they also see links to content they have no access to?

I see that the RSS cache can be disabled, but if caching is enabled, it seems this could produce undesired results - especially for users whose album folder is in the web path, thus allowing full access to all album images even if they should have no access.

It looks like the sitemap skips any password-protected albums, so that's apparently unaffected by the cache anyhow.

Comments

  • RSS Caching does not occur for users with ADMIN privileges. You could still have issues with users with lesser privileges getting RSS feeds.
  • In my case, there is only Admin and guest, no user accounts - so the caching shouldn't be a problem. It may be something to consider, though, for other scenarios where there are other users.

    I don't know how feasible it would be to store a separate cache file with the user ID in the filename, and feed that through instead. Of course, for that to be secure, the cache folder would have to be above the web root, otherwise it would be easy to guess the cached filename for a given user (or admin).

    I'll have to ponder it a bit!
  • acrylian Administrator, Developer
    We should probably disable the cache for logged-in users altogether to avoid this. Moving the cache outside the webroot by default is not an option, as of course some shared hosts do not allow that at all.
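The two mitigations discussed in this thread, sketched as an added example that is not code from the thread or from the project: logged-in viewers bypass the cache, and an optional per-viewer cache uses an HMAC-derived filename so it cannot be guessed from a user ID. The secret, the sample albums and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from pathlib import Path

# Assumed for illustration: a per-install secret kept out of the web path.
SECRET = b"constructed-per-install-secret"

# Constructed sample data: album -> set of users allowed (None = public).
ALBUMS = {"holiday": None, "private": {"alice"}}


def render(viewer):
    """Build the feed from only the albums this viewer may see."""
    visible = [a for a, allowed in sorted(ALBUMS.items())
               if allowed is None or viewer in allowed]
    return "<rss>" + "".join(f"<item>{a}</item>" for a in visible) + "</rss>"


def cache_name(feed_id, viewer, secret=SECRET):
    """Per-viewer cache filename that cannot be derived from the user ID alone."""
    who = "guest" if viewer is None else "user:" + viewer
    msg = f"{feed_id}\0{who}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest() + ".xml"


def get_feed(feed_id, viewer, render_fn, cache_dir, per_user_cache=False):
    """Return feed XML; a cached copy is only ever reused for the same viewer."""
    if viewer is not None and not per_user_cache:
        return render_fn(viewer)  # logged-in viewers bypass the cache entirely
    path = Path(cache_dir) / cache_name(feed_id, viewer)
    if path.exists():
        return path.read_text(encoding="utf-8")
    xml = render_fn(viewer)
    path.write_text(xml, encoding="utf-8")
    return xml


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(get_feed("gallery", "alice", render, d))  # rendered fresh, not cached
        print(get_feed("gallery", None, render, d))     # guest copy, cached
```

Unguessable filenames only help if the cache directory does not permit directory listing when it sits inside the web root.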