[MGNLCACHE-88] Allow to use a custom cache key generator per request Created: 25/Feb/15 Updated: 10/Mar/15 Resolved: 27/Feb/15 |
|
| Status: | Closed |
| Project: | Cache Modules |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.4 |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Roman Kovařík | Assignee: | Roman Kovařík |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Template: |
|
||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||
| Date of First Response: | |||||||||||||||||
| Epic Link: | DPC | ||||||||||||||||
| Comments |
| Comment by Jan Haderka [ 25/Feb/15 ] |
|
Wouldn't it be better to use request attribute rather than request header? With header you are allowing whomever creates the request to force the key generator which in theory can be used to exploit incorrectly written generators to get for example cached content of some user. |
| Comment by Roman Kovařík [ 27/Feb/15 ] |
|
Solved by |