phabricator

archive/phabricator

Fork 0

Commit Graph

Author	SHA1	Message	Date
epriestley	39b4d20ce5	Create AphrontWriteGuard, a backup mechanism for CSRF validation Summary: Provide a catchall mechanism to find unprotected writes. - Depends on D758. - Similar to WriteOnHTTPGet stuff from Facebook's stack. - Since we have a small number of storage mechanisms and highly structured read/write pathways, we can explicitly answer the question "is this page performing a write?". - Never allow writes without CSRF checks. - This will probably break some things. That's fine: they're CSRF vulnerabilities or weird edge cases that we can fix. But don't push to Facebook for a few days unless you're prepared to deal with this. - >>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF! <<< Test Plan: - Ran some scripts that perform writes (scripts/search indexers), no issues. - Performed normal CSRF submits. - Added writes to an un-CSRF'd page, got an exception. - Executed conduit methods. - Did login/logout (this works because the logged-out user validates the logged-out csrf "token"). - Did OAuth login. - Did OAuth registration. Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran, codeblock Commenters: pedram CC: aran, epriestley, pedram Differential Revision: 777	2011-08-16 13:29:57 -07:00
epriestley	2b7210260f	Allow Phabricator storage engines to be extended and configured Summary: See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward interactions with MySQL's max_allowed_packet. Make this system generally more robust: - Move the upload limit to configuration. - Add setup steps which reconcile max_allowed_packet vs MySQL file storage limits. - Add a layer of indirection between uploading files and storage engines. - Allow the definition of new storage engines. - Define a local disk storage engine. - Add a "storage engine selector" class which manages choosing which storage engines to put files in. - Document storage engines. - Document file storage classes. Test Plan: Setup mode: - Disabled MySQL storage engine, misconfigured it, configured it correctly. - Disabled file storage engine, set it to something invalid, set it to something valid. - Verified max_allowed_packet is read correctly. Application mode: - Configured local file storage. - Uploaded large and small files. - Verified larger files were written to local storage. - Verified smaller files were written to MySQL blob storage. Documentation: - Read documentation. Reviewed By: jungejason Reviewers: jungejason, tuomaspelkonen, aran CC: aran, epriestley, jungejason Differential Revision: 695	2011-07-21 16:44:24 -07:00

Author

SHA1

Message

Date

epriestley

39b4d20ce5

Create AphrontWriteGuard, a backup mechanism for CSRF validation

Summary:
Provide a catchall mechanism to find unprotected writes.

  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**

Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.

Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777

2011-08-16 13:29:57 -07:00

epriestley

2b7210260f

Allow Phabricator storage engines to be extended and configured

Summary:
See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward
interactions with MySQL's max_allowed_packet. Make this system generally more
robust:

  - Move the upload limit to configuration.
  - Add setup steps which reconcile max_allowed_packet vs MySQL file storage
limits.
  - Add a layer of indirection between uploading files and storage engines.
  - Allow the definition of new storage engines.
  - Define a local disk storage engine.
  - Add a "storage engine selector" class which manages choosing which storage
engines to put files in.
  - Document storage engines.
  - Document file storage classes.

Test Plan:
Setup mode:

  - Disabled MySQL storage engine, misconfigured it, configured it correctly.
  - Disabled file storage engine, set it to something invalid, set it to
something valid.
  - Verified max_allowed_packet is read correctly.

Application mode:

  - Configured local file storage.
  - Uploaded large and small files.
  - Verified larger files were written to local storage.
  - Verified smaller files were written to MySQL blob storage.

Documentation:

  - Read documentation.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, epriestley, jungejason
Differential Revision: 695

2011-07-21 16:44:24 -07:00

Download

What's New

Blender Studio

Manual

Developers Blog

Documentation

Benchmark

Blender Conference

Development Fund

One-time Donations

2 Commits