
Recently Redis aliased POST and Host: to QUIT for this reason.

It seems to me that they should quit on reading any input that they can't parse. At best silently ignoring bad input leads to software not doing what it's supposed to do. At worst it leads to attacks like this.

I realize this is contrary to "be conservative in what you do, be liberal in what you accept from others", but I never thought that was a good way to write software.

Postel's law / the robustness principle is a good way to write robust software, like a TCP implementation or an HTML parser. Most software doesn't need to be robust, though, and failing fast probably leads to fewer security issues than trying to continue on.

That's at the very least a much harder change to roll out, since if things are broken after a new version of Redis comes out people will blame Redis for breaking things.

I'm not very familiar with Redis, so I might be missing something here.

But if the choice, after a Redis update, is between: a) my software breaking and, hopefully, an error message saying "redis failure parsing 'XYZ'" or b) my software /maybe/ continuing to function, while passing commands to Redis that it's ignoring

I would always pick (a), and I think most programmers would think likewise.

Let's say you're using a cache server as a best-effort cache, and you take advantage of its ability to store complicated data structures. Your client implementation has a small bug with one of them, and ~1% of the time it sends something to the server that's not to spec. Right now, the server returns an error for that specific request, but doesn't drop the connection and continues processing later requests on the connection. You know about the errors, but they're not worth fixing.

Now the cache server has a security update, so you apply it right away. But now when it gets your invalid command it not only returns an error but it drops the connection. Your client doesn't handle this well, and now your caching is fully broken and your server falls over from the load.

That's exactly my point of view on the matter.

So if you were in a terminal, e.g. redis-cli, and you make a typo, you get disconnected?

Redis could know that it's being queried via a terminal and not do that.

I always thought of it as "skip spaces and accept 1'234,00 if you wait for a number", not what Redis does. Liberal != indifferent.

Which versions are safe?

Currently the feature is only committed in the "unstable" branch, but for the next 3.2 patch release it will be merged.
