Mercurial > hg > nginx-quic
view contrib/README @ 6243:4821fc788c12
Cache: check the whole cache key in addition to hashes.
This prevents a potential attack that discloses cached data if an attacker
will be able to craft a hash collision between some cache key the attacker
is allowed to access and another cache key with protected data.
See http://mailman.nginx.org/pipermail/nginx-devel/2015-September/007288.html.
Thanks to Gena Makhomed and Sergey Brester.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 11 Sep 2015 17:03:56 +0300 |
parents | 1bdf906bba99 |
children |
line wrap: on
line source
geo2nginx.pl by Andrei Nigmatulin The perl script to convert CSV geoip database ( free download at http://www.maxmind.com/app/geoip_country ) to format, suitable for use by the ngx_http_geo_module. unicode2nginx by Maxim Dounin The perl script to convert unicode mappings ( available at http://www.unicode.org/Public/MAPPINGS/ ) to the nginx configuration file format. Two generated full maps for windows-1251 and koi8-r. vim by Evan Miller Syntax highlighting of nginx configuration for vim, to be placed into ~/.vim/.