Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Invalid
-
jcs-1.3
-
None
-
None
-
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
Java HotSpot(TM) Server VM (build 1.5.0_11-b03, mixed mode)
Linux
Description
The Indexed Disk Cache returns the incorrect object for a specified key if the disk cache is accessed by a second JVM. Here is the scenario:
1. Start Tomcat with an app that uses JCS with Disk Cache.... get some stuff stored in the disk cache.
2. Start another JVM (say, a command line program) that includes the same cache.ccf file in its class path.
3. Upon exit of the 2nd JVM, the disk cache is cleared.
4. The JCS in the Tomcat JVM appears to be unaware of this and will start returning wrong (but seemingly valid) data for key requests.
I noticed this when my web application started displaying the wrong page for a request. In my case, this was a HUGE security problem, and it took me a long time to figure out this is why it was happening. But I've been able to reliably reproduce this scenario.
I understand that the disk cache isn't meant to be accessed by multiple JVMs and shouldn't be, but to allow this behavior to quietly happen is very dangerous. There needs to be some kind of locking mechanism or error thrown to ensure this doesn't happen by accident (as it was in my case).