About trusting backends a bit less

82f2f25d · Poul-Henning Kamp · b92430cc · 82f2f25d · 82f2f25d · 82f2f25d
Commit 82f2f25d authored Aug 10, 2022 by Poul-Henning Kamp
Hide whitespace changes
Inline Side-by-side

Showing with 46 additions and 1 deletion

barriers.rst doc/sphinx/phk/barriers.rst +3 -1

index.rst doc/sphinx/phk/index.rst +1 -0

routine.rst doc/sphinx/phk/routine.rst +42 -0

No files found.
--- a/doc/sphinx/phk/barriers.rst
+++ b/doc/sphinx/phk/barriers.rst
@@ -14,7 +14,9 @@ if you find yourself thinking "Why did he do _that_ ? the answer has to
 do with security.

 The Varnish security model is based on some very crude but easy to understand
-barriers between the various components::
+barriers between the various components:
+
+.. code-block:: text

                .-->- provides ->---------------------------------------.
                |                                          |            |

--- a/doc/sphinx/phk/index.rst
+++ b/doc/sphinx/phk/index.rst
@@ -13,6 +13,7 @@ You may or may not want to know what Poul-Henning thinks.
 .. toctree::
 	:maxdepth: 1

+	routine.rst
 	503aroundtheworld.rst
 	legacy.rst
 	ip_address.rst

--- a/doc/sphinx/phk/routine.rst
+++ b/doc/sphinx/phk/routine.rst
+..
+	Copyright (c) 2022 Varnish Software AS
+	SPDX-License-Identifier: BSD-2-Clause
+	See LICENSE file for full text of license
+
+.. _phk_routine:
+
+========================
+Getting into the routine
+========================
+
+Yesterday we released `VSV00009 </security/VSV00009.html>`_, a pretty
+harmless DoS from the backend side, which could trivially be mitigated
+in VCL.
+
+By now handling security issues seem to have become routine for the
+project, which is good, because that is the world we live in, and 
+bad, because we live in a world where that is a necessary skill.
+
+From the very start of the project, we have treated backends
+as "trusted", in the sense that a lot of nasty stuff we try to handle
+from clients got "dont do that then" treatment from the backend.
+
+That was back when "cloud" were called "mainframes" and "containers"
+were called "jails", way back when CDNs were only for companies
+with more money than skill.
+
+Part of the reasoning was also maximizing compatibility.
+
+Backends were a lot more - let us call it "heterogenous" - back
+then.  Some of them were literally kludges nailed to the side of
+legacy newspaper production systems, and sometimes it was obvious
+that they had not heard about RFCs.
+
+For the problem we fixed yesterday, one line of VCL took care of
+the problem, but that is not guaranteed to always be the case.
+
+These days the "web" is a lot more regimented, and expecting
+standards-compliance from backends makes sense, so we will
+tighten the screws in that department as an ongoing activity.
+
+Poul-Henning, 2022-08-05