Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] Auth basic: Cache credentials if auth_basic_user_file is static

Maxim Dounin
October 03, 2023 09:04PM
Hello!

On Tue, Oct 03, 2023 at 03:46:05PM -0700, Toshihito Kikuchi wrote:

> # HG changeset patch
> # User Toshihito Kikuchi <leamovret@gmail.com>
> # Date 1696359541 25200
> # Tue Oct 03 11:59:01 2023 -0700
> # Node ID e397ea6cfa85e85ae0865c5061397dc295fb7df1
> # Parent 3db945fda515014d220151046d02f3960bcfca0a
> Auth basic: Cache credentials if auth_basic_user_file is static.
>
> In the current design, when auth_basic is on, every HTTP request triggers
> file I/O (open, read, close) to the file specified in auth_basic_user_file.
> Probably this is to allow auth_basic_user_file to contain variables.
>
> If the value is just a static text, however, there is no reason to read the
> same file every request in every worker process. It unnecessarily consumes
> system resources.
>
> With this patch, if auth_basic_user_file does not have any variables, we
> cache its content in the location context at configuration time and use it
> in all subsequent requests. If auth_basic_user_file contain variables, we keep
> the original behavior.

As currently implemented, auth_basic_user_file is read at runtime,
making it possible to change users and their passwords - which is
a relatively common task - without reloading nginx itself. And
this behaviour matches the one in Apache, which does the same.
Changing this behaviour to read the password file while loading
configuration (so any changes to the file won't be applied unless
nginx is reloaded) would certainly break POLA, and needs some
really good justification.

Further, in typical setups the file is effectively cached by the
OS itself, making the I/O operations mentioned almost free,
especially compared to costs of typical password hash
calculations.

[...]

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] Auth basic: Cache credentials if auth_basic_user_file is static

Toshihito Kikuchi 411 October 03, 2023 06:48PM

Re: [PATCH] Auth basic: Cache credentials if auth_basic_user_file is static

Maxim Dounin 134 October 03, 2023 09:04PM

Re: [PATCH] Auth basic: Cache credentials if auth_basic_user_file is static

Toshihito Kikuchi 150 October 04, 2023 05:34PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 99
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready