You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: draft-ietf-httpapi-idempotency-key-header.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -309,16 +309,16 @@ Organization: WebEngage
309
309
This section is meant to inform developers, information providers,
310
310
and users of known security concerns specific to the idempotency keys.
311
311
312
-
Resource servers that do not implement strong idempotency keys, such as UUIDs, or have appropriate controls to validate the idempotency keys, could be victim to various security attacks from malicious clients:
312
+
Resource servers that do not implement strong idempotency keys, such as UUIDs, or have appropriate controls to validate the idempotency keys, could be victim to various forms of security attacks from malicious clients:
313
313
314
-
* When the resource server does not validate the idempotency key in the client request and performs a idempotent cache or persistent store lookup to evaluate the idempotency condition, including the detection of duplicate requests, there can be security attacks, primarily in the form of injection, compromising the server.
315
-
* When the resource server does not enforce a stricter format for the idempotency key and allows low entropy keys from clients, in absence of strong authorization mechanisms, an attacker MAY try to fetch idempotent cache entries belonging to other clients.
314
+
* Injection attacks-When the resource server does not validate the idempotency key in the client request and performs a idempotent cache lookup, there can be security attacks (primarily in the form of injection), compromising the server.
315
+
* Data leaks-When an idempotency implementation allows low entropy keys, attackers MAY determine other keys and use them to fetch existing idempotent cache entries, belonging to other clients.
316
316
317
317
To prevent such situations, the specification recommends the following best practices for idempotency key implementation in the resource server.
318
318
319
+
* Establish a fixed format for the idempotency key and publish the key’s specification.
319
320
* Always validate the key as per its published specification before processing any request.
320
-
* Regardless of the strength of an idempotency key, generate a server side idempotency key. This helps to both reduce any form of security attacks and prevent key collisons.
321
-
*Always perform appropriate authorization before doing a cache lookup using the idempotency key to prevent leaking of cache entries belonging to another client.
321
+
* On the resource server, implement a unique composite key as the idempotent cache lookup key. For example, a composite key MAY be implemented by combining the idempotency key sent by the client with other client specific attributes known only to the resource server.
0 commit comments