OpenStack Object Storage (swift)

  1. Bug #1006414
  2. Comment #23

Comment 23 for bug 1006414

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to swift (master)

Reviewed: https://review.openstack.org/9105
Committed: http://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a
Submitter: Jenkins
Branch: master

commit e1ff51c04554d51616d2845f92ab726cb0e5831a
Author: Vincent Untz <email address hidden>
Date: Thu Jun 21 14:37:41 2012 +0200

    Do not use pickle for serialization in memcache, but JSON

    We don't want to use pickle as it can execute arbitrary code. JSON is
    safer. However, note that it supports serialization for only some
    specific subset of object types; this should be enough for what we need,
    though.

    To avoid issues on upgrades (unability to read pickled values, and cache
    poisoning for old servers not understanding JSON), we add a
    memcache_serialization_support configuration option, with the following
    values:

     0 = older, insecure pickle serialization
     1 = json serialization but pickles can still be read (still insecure)
     2 = json serialization only (secure and the default)

    To avoid an instant full cache flush, existing installations should
    upgrade with 0, then set to 1 and reload, then after some time (24
    hours) set to 2 and reload. Support for 0 and 1 will be removed in
    future versions.

    Part of bug 1006414.

    Change-Id: Id7d6d547b103b4f23ebf5be98b88f09ec6027ce4