Protect against attacks. #144
Conversation
An attacker can prevent new items from being admitted to the cache by artificially raising the frequency of the victims. This PR implements an strategy used in Caffeine to occasionnaly let items that would otherwise be rejected.
martinmr
requested review from
jarifibrahim,
karlmcguire and
manishrjain
as code owners
| // hash collision attacks, in which the score of the victims is artificially | ||
| // raised so that no new items are admitted into the cache. | ||
| // This strategy is implemented by Caffeine. | ||
| if incHits < minHits && !(rand.Int() % 127 == 0) { |
There was a problem hiding this comment.
You can replace the modulus % with a bitmask &. This was why 127 was chosen (2^n - 1) so that we could avoid the division at ~1% acceptance rate. The division vs mask was perhaps an over-optimization in this code path, though!
|
Due to using random eviction, you currently are not impacted by this attack. Caffeine is because LRU is a deterministic algorithm. However I think having some protection is good regardless since it is cheap and documented if you refactor away from random eviction someday. |
|
|
There was a problem hiding this comment.
@martinmr What's the status of this? Do we still need it?
Reviewable status: 0 of 1 files reviewed, 1 unresolved discussion (waiting on @jarifibrahim, @karlmcguire, @manishrjain, and @martinmr)
|
Closing this ticket since it's not a required feature. |
An attacker can prevent new items from being admitted to the cache by
artificially raising the frequency of the victims. This PR implements an
strategy used in Caffeine to occasionnaly let items that would otherwise
be rejected.
Fixes #131
This change is