php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #58912 Work around for cache slam defense
Submitted: 2009-10-22 02:03 UTC Modified: 2016-11-18 20:53 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:0 (0.0%)
From: pecl dot php dot net dot alias at fremnet dot net Assigned:
Status: Wont fix Package: APC (PECL)
PHP Version: 5.3.0 OS: Centos 5
Private report: No CVE-ID: None
 [2009-10-22 02:03 UTC] pecl dot php dot net dot alias at fremnet dot net
Description:
------------
Hi there.

Our policy prevents us from using CVS level code *grumble* however, I believe I have come up with what might be an acceptable mitigation method for cache slam defense (ie: bug16814)

I'm aware of some of the pro's and cons with this method, but it seems to provide expected results.

cache slam defense - have issues writing and overwriting.
non cache slam defense - huge issue that can lead to explosion of apache
alternate defense - can still have explosion of apache, but hopefully not as extreme due to one write point...

If it's not convenient to do in module, or possible, well that's ok, but I thought I'd suggest it anyway.

Reproduce code:
---------------
function cache_store($entry, $value, $ttl = null) {
    $GLOBALS['please_cache_me'][$entry] = array(
        'value' => $value,
        'ttl'   => $ttl
    );
}

function cache_fetch($entry) {
    if (array_key_exists($entry, $GLOBALS['please_cache_me'])) return $GLOBALS['please_cache_me'][$entry]['value'];
    return apc_fetch($entry);
}

function cache_shutdown() {
    foreach ($GLOBALS['please_cache_me'] as $entry => $data) {
        apc_store($entry, $data['value'], $data['ttl']);
    }
}

register_shutdown_function('cache_shutdown');

cache_store('entry', 'value');
cache_store('entry', 'doh');
echo cache_fetch('entry');

Expected result:
----------------
doh

Actual result:
--------------
doh

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-11-18 20:53 UTC] kalle@php.net
-Status: Open +Status: Wont fix
 [2016-11-18 20:53 UTC] kalle@php.net
APC is no longer supported in favor of opcache that comes bundled with PHP, if you wish to use the user cache, then look at PECL/APCu.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 14:01:32 2024 UTC