You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-ietf-httpapi-idempotency-key-header.md
+6-5Lines changed: 6 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -309,14 +309,15 @@ Organization: WebEngage
309
309
This section is meant to inform developers, information providers,
310
310
and users of known security concerns specific to the idempotency keys.
311
311
312
-
When the resource server does not implement a strong idempotency key, such as an UUID or have appropriate controls to validate the idempotency key, it leads to various forms of security attacks.
312
+
When the resource server does not implement a strong idempotency key, such as an UUID or have appropriate controls to validate the idempotency key, there could be various forms of security attacks from malicious clients:
313
313
314
-
* When a resource server that does not have stricter enforcement on the format of the idempotency key, clients MAY send low entropy keys in requests. In absence of a stronger authorization merchanisms in the resource server, an attacker MAY try to fetch idempotent cache entries belonging to other clients.
315
-
* When a resource server directly uses the idempotency key in the client request to perform a cache or persistent store look up in order to evaluate the idempotency condition (including the detection of duplicate requests), it leads to many forms of security attacks (e.g. injection attacks) if the resource server does not implement a stronger validation mechanism for the idempotency key.
314
+
* When a resource server directly uses the idempotency key in the client request to perform a cache or persistent store look up in order to evaluate the idempotency condition (including the detection of duplicate requests), there could be many forms of security attacks (e.g. injection attacks) from malicious actors if the resource server does not implement a stronger validation mechanism for the idempotency key.
315
+
* When a resource server does not enforce stricter format for the idempotency key, clients MAY send low entropy keys in requests. In absence of a strong authorization merchanisms in the resource server, an attacker MAY try to fetch idempotent cache entries belonging to other clients.
316
316
317
-
The specification thus recommends the following for an idempotency key implementation.
318
317
319
-
* The resource server SHOULD always validate the key as per the published specification before processing any request.
318
+
The specification thus recommends the following for an idempotency key implementation:
319
+
320
+
* The resource server SHOULD always validate the key as per it's published specification before processing any request.
320
321
* Regardless of the specification of the idempotency key, the resource server MAY generate a server side idempotency key. Such a mechanism helps both towards reducing any form of security attacks, through the idempotency key, and preventing key collisons.
321
322
* If a resource server implements an idempotent resource cache, the resource server, before doing a cache lookup using the client-sent or server generated idempotency key, SHOULD perform appropriate authorization to prevent leaking of cache entries belonging to another client.
0 commit comments