
Item772: Rare race condition in registration - damaged .htpasswd file

Priority: Normal
Current State: Closed
Released In:
Target Release: patch
Applies To: Engine
Component:
Branches:
Reported By: KennethLavrsen
Waiting For:
Last Change By: KennethLavrsen
This bug is copied over from TWikibug:Item6147 and seems likely to be relevant for us.

Tim has maybe some code from an extension we can look at

-- Kenneth Lavrsen

The registration process has a race condition. Today the .htpasswd file of twiki.org got cut in half, stopping at K entries. We had two registrations at exactly the same time (names obfuscated):

| 10 Dec 2008 - 10:29 | MattOne | register | Main.MattOne | matt@example.com | 1.2.3.4 |
| 10 Dec 2008 - 10:29 | MartinTwo | register | Main.MartinTwo | martin@example.com | 5.6.7.8 |

We need to add locking to the .htpasswd file update to prevent this (very rare) race condition.

(Fortunately I did a backup just 30 min earlier, so nothing was lost except for one user's passwd entry.)

-- TWiki:Main/PeterThoeny - 10 Dec 2008

FWIW, this was evident by inspection when I wrote X509Plugin.

It does the necessary locking, so you can take the code from there. (However, note that X509 stores a bit more in the file than the standard authentication code does.)

-- TWiki:Main.TimotheLitt - 11 Jan 2009

-- KennethLavrsen - 15 Jan 2009

There has been recent work on this - I forget the bug number - and I'm pretty sure it can be closed.

-- CrawfordCurrie - 29 Jun 2010

Agree - it is a duplicate that has been addressed both in 1.0.9 and again recently for 1.1.0 where we have hardened the code even further.

-- KennethLavrsen - 29 Jun 2010
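
The fix pattern discussed in this item (serialize the read-modify-write of `.htpasswd`, and never leave a half-written file behind) is shown below as an added example. It is not code from Foswiki, TWiki or X509Plugin, and it is written in Python rather than Foswiki's Perl; the function name `add_htpasswd_entry` and the `.lock` suffix are assumptions made for illustration.

```python
import fcntl
import os
import tempfile


def add_htpasswd_entry(path, user, pw_hash):
    """Add "user:pw_hash" to the password file at path (hypothetical helper).

    Returns False if the user already exists, True once the entry is stored.
    """
    if not user or any(c in user for c in ":\r\n") or any(c in pw_hash for c in "\r\n"):
        raise ValueError("illegal character in htpasswd field")
    directory = os.path.dirname(os.path.abspath(path))
    # Lock a separate file: the data file is replaced by rename below, so a
    # lock held on its old inode would not exclude the next writer.
    with open(path + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # blocks until other writers finish
        try:
            with open(path, "r", encoding="utf-8") as fh:
                lines = fh.read().splitlines()
        except FileNotFoundError:
            lines = []
        if any(line.split(":", 1)[0] == user for line in lines):
            return False
        lines.append(f"{user}:{pw_hash}")
        # Write the complete new content to a temp file in the same directory,
        # then rename it over the original: a crash or a concurrent reader
        # sees either the old file or the new one, never a truncated one.
        fd, tmp = tempfile.mkstemp(dir=directory, prefix=".htpasswd.")
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as out:
                out.write("\n".join(lines) + "\n")
                out.flush()
                os.fsync(out.fileno())
            os.replace(tmp, path)
        except BaseException:
            os.unlink(tmp)
            raise
        return True
    # The lock is released when the lock file is closed by the with-block.
```

`tempfile.mkstemp` creates the file with mode 0600, so the replaced file ends up readable only by the account that runs the registration code.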

Summary Rare race condition in registration - damaged .htpasswd file
ReportedBy KennethLavrsen
Codebase trunk
SVN Range Foswiki-1.0.0, Thu, 08 Jan 2009, build 1878
AppliesTo Engine
Component
Priority Normal
CurrentState Closed
WaitingFor
Checkins
TargetRelease patch
ReleasedIn
Topic revision: r3 - 29 Jun 2010, KennethLavrsen