php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #58912 Work around for cache slam defense
Submitted: 2009-10-22 02:03 UTC Modified: 2016-11-18 20:53 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: pecl dot php dot net dot alias at fremnet dot net Assigned:
Status: Wont fix Package: APC (PECL)
PHP Version: 5.3.0 OS: Centos 5
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: pecl dot php dot net dot alias at fremnet dot net
New email:
PHP Version: OS:

 

 [2009-10-22 02:03 UTC] pecl dot php dot net dot alias at fremnet dot net
Description:
------------
Hi there.

Our policy prevents us from using CVS level code *grumble* however, I believe I have come up with what might be an acceptable mitigation method for cache slam defense (ie: bug16814)

I'm aware of some of the pro's and cons with this method, but it seems to provide expected results.

cache slam defense - have issues writing and overwriting.
non cache slam defense - huge issue that can lead to explosion of apache
alternate defense - can still have explosion of apache, but hopefully not as extreme due to one write point...

If it's not convenient to do in module, or possible, well that's ok, but I thought I'd suggest it anyway.

Reproduce code:
---------------
function cache_store($entry, $value, $ttl = null) {
    $GLOBALS['please_cache_me'][$entry] = array(
        'value' => $value,
        'ttl'   => $ttl
    );
}

function cache_fetch($entry) {
    if (array_key_exists($entry, $GLOBALS['please_cache_me'])) return $GLOBALS['please_cache_me'][$entry]['value'];
    return apc_fetch($entry);
}

function cache_shutdown() {
    foreach ($GLOBALS['please_cache_me'] as $entry => $data) {
        apc_store($entry, $data['value'], $data['ttl']);
    }
}

register_shutdown_function('cache_shutdown');

cache_store('entry', 'value');
cache_store('entry', 'doh');
echo cache_fetch('entry');

Expected result:
----------------
doh

Actual result:
--------------
doh

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-11-18 20:53 UTC] kalle@php.net
-Status: Open +Status: Wont fix
 [2016-11-18 20:53 UTC] kalle@php.net
APC is no longer supported in favor of opcache that comes bundled with PHP, if you wish to use the user cache, then look at PECL/APCu.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 01:01:30 2024 UTC