jakarta-jcs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Wiseley (JIRA)" <j...@apache.org>
Subject [jira] Created: (JCS-31) Disk Cache returns wrong object for key
Date Mon, 22 Oct 2007 18:00:59 GMT
Disk Cache returns wrong object for key
---------------------------------------

                 Key: JCS-31
                 URL: https://issues.apache.org/jira/browse/JCS-31
             Project: JCS
          Issue Type: Bug
          Components: Indexed Disk Cache
    Affects Versions: jcs-1.3
         Environment: Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
Java HotSpot(TM) Server VM (build 1.5.0_11-b03, mixed mode)
Linux
            Reporter: Matt Wiseley
            Assignee: Aaron Smuts


The Indexed Disk Cache returns the incorrect object for a specified key if the disk cache
is accessed by a second JVM. Here is the scenario:

1. Start Tomcat with an app that uses JCS with Disk Cache.... get some stuff stored in the
disk cache.
2. Start another JVM (say, a command line program) that includes the same cache.ccf file in
its class path.
3. Upon exit of the 2nd JVM, the disk cache is cleared.
4. The JCS in the Tomcat JVM appears to be unaware of this and will start returning wrong
(but seemingly valid) data for key requests.

I noticed this when my web application started displaying the wrong page for a request. In
my case, this was a HUGE security problem, and it took me a long time to figure out this is
why it was happening. But I've been able to reliably reproduce this scenario.

I understand that the disk cache isn't meant to be accessed by multiple JVMs and shouldn't
be, but to allow this behavior to quietly happen is very dangerous. There needs to be some
kind of locking mechanism or error thrown to ensure this doesn't happen by accident (as it
was in my case).


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jcs-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jcs-dev-help@jakarta.apache.org


Mime
View raw message