Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
cache: compatibility with crypto plugins #2613
One thing that came up during development of the cache plugin was the security implications for crypto plugins.
The current implementation of cache does not know about crypto plugins, and once decrypted will happily cache the data coming from there.
@petermax2 do you have any ideas concerning this?
The default approach could of course be to not store the cache, if something comes from a crypto plugin. We would need a way of detecting that though.
I think the easiest and most secure way would be to completely encrypt the cache with fcrypt. Unfortunately this is:
In the meantime I think we should simply give resolvers some config option to avoid caching in such situations.