Uploaded image for project: 'Cache Modules'
  1. Cache Modules
  2. MGNLCACHE-314

DOCS: Describe how to configure whitelistedKeyClasses

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • Neutral
    • None
    • None
    • None
    • None

    Description

      On https://docs.magnolia-cms.com/product-docs/6.2/Modules/List-of-modules/Cache-modules/Cache-Tools-app.html

      expand the note: 
      NOTE: To mitigate attacks against deserializers, the app only deserializes trusted data.

       

       

      DRAFT: 

      Simply make whitelistedKeyClasses configurable in /modules/cache-browser-app/config/whitelistedKeyClasses and user only has to populate the whitelisted classes to be serialized by the endpoint and cache app via info.magnolia.cache.browser.CacheBrowserAppModule. So we can prevent unwanted class is tried to be deserialized and thus execution of malicious code.

       

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                mdrapela Martin Drápela
                oanh.thai Oanh Thai Hoang
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Checklists

                    Task DoR