Uploaded image for project: 'Cache Modules'
  1. Cache Modules
  2. MGNLCACHE-314

DOCS: Describe how to configure whitelistedKeyClasses

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Unresolved
    • Icon: Neutral Neutral
    • None
    • None
    • None
    • None

      On https://docs.magnolia-cms.com/product-docs/6.2/Modules/List-of-modules/Cache-modules/Cache-Tools-app.html

      expand the note: 
      NOTE: To mitigate attacks against deserializers, the app only deserializes trusted data.

       

       

      DRAFT: 

      Simply make whitelistedKeyClasses configurable in /modules/cache-browser-app/config/whitelistedKeyClasses and user only has to populate the whitelisted classes to be serialized by the endpoint and cache app via info.magnolia.cache.browser.CacheBrowserAppModule. So we can prevent unwanted class is tried to be deserialized and thus execution of malicious code.

       

        Acceptance criteria

          1. whitelistedKeyClasses.png
            73 kB
            Oanh Thai Hoang

              mdrapela Martin Drápela
              oanh.thai Oanh Thai Hoang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:

                  Task DoR