Fix #52818: Make RGW transaction IDs less deterministic
Status: closed
Description
S3 API responses expose RGW transaction IDs in the `x-amz-request-id` header. The current format of these IDs is: 'tx{counter}-{timestamp}-{rgw-daemon-id}', where the variable components are:
counter: per-daemon incremental counter that resets on each process restart, encoded as a 21-digit hex value
timestamp: unix timestamp encoded as a hex value
rgw-daemon-id: concatenation of RGW daemon instance ID and zone name
This format poses a few concerns for the service provider use case.
1) The counter/timestamp values leak information about the backend servers (number of requests processed, request processing rates over time, time-frames of when daemons likely restarted).
2) A client that knows one transaction ID could conceivably guess other valid transaction IDs (potentially belonging to other clients) by brute-force checking the validity of subsequent counter values in combination with likely timestamps. For service providers that wish to expose transaction log search functionality to clients (indexed by transaction IDs), extra care would be needed in order to ensure isolation of tenant data.
The proposed solution is to change the counter to a randomly generated value instead of an incremental one.
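The following is an added illustration of the two concerns above and of the proposed change; it is not code from the Ceph tree. It parses IDs in the `tx{counter}-{timestamp}-{rgw-daemon-id}` layout described in this issue, shows what two IDs from the same daemon reveal about the backend, enumerates the neighbouring IDs a client could try when the counter is sequential, and generates an ID with a random counter in its place. The daemon ID, the sample counter and timestamp values, the zero-padded width of the timestamp field and the choice of a 64-bit random value are assumptions made for the example.

```python
"""Parse and reason about RGW-style transaction IDs (x-amz-request-id).

Layout as described in the tracker issue: 'tx{counter}-{timestamp}-{rgw-daemon-id}'.
Sample values, the daemon ID and the timestamp padding below are assumptions
for illustration only, not taken from the Ceph source.
"""
import re
import secrets

COUNTER_HEX_DIGITS = 21   # per the issue description
TS_HEX_DIGITS = 10        # assumption: only used to zero-pad the timestamp here

TX_ID_RE = re.compile(
    r"^tx(?P<counter>[0-9a-f]{%d})-(?P<ts>[0-9a-f]+)-(?P<daemon>.+)$" % COUNTER_HEX_DIGITS
)


def format_trans_id(counter: int, timestamp: int, daemon_id: str) -> str:
    """Build an ID in the sequential-counter layout described in the issue."""
    return "tx%0*x-%0*x-%s" % (COUNTER_HEX_DIGITS, counter, TS_HEX_DIGITS, timestamp, daemon_id)


def parse_trans_id(tx_id: str) -> dict:
    """Split an ID into its components; counter and timestamp are hex-encoded."""
    m = TX_ID_RE.match(tx_id)
    if m is None:
        raise ValueError("not an RGW transaction ID: %r" % tx_id)
    return {
        "counter": int(m.group("counter"), 16),
        "timestamp": int(m.group("ts"), 16),
        "daemon_id": m.group("daemon"),
    }


def infer_backend_activity(tx_first: str, tx_last: str) -> dict:
    """Concern 1: two IDs from one daemon reveal request volume and rate.

    Returns how many requests the daemon handled between the two observations,
    the average rate, and how many it has handled since its last restart
    (the counter resets to zero on restart).
    """
    a, b = parse_trans_id(tx_first), parse_trans_id(tx_last)
    if a["daemon_id"] != b["daemon_id"]:
        raise ValueError("IDs come from different daemons")
    requests = b["counter"] - a["counter"]
    seconds = b["timestamp"] - a["timestamp"]
    return {
        "requests_between": requests,
        "requests_per_second": requests / seconds if seconds else None,
        "requests_since_restart": b["counter"],
    }


def candidate_trans_ids(observed: str, counter_window: int, ts_window: int) -> list:
    """Concern 2: the IDs a client would try given one known ID.

    With a sequential counter the next counter_window values combined with the
    next ts_window timestamps form a small, dense search space.
    """
    p = parse_trans_id(observed)
    cands = []
    for c in range(p["counter"] + 1, p["counter"] + 1 + counter_window):
        for t in range(p["timestamp"], p["timestamp"] + ts_window):
            cands.append(format_trans_id(c, t, p["daemon_id"]))
    return cands


def random_trans_id(timestamp: int, daemon_id: str) -> str:
    """Proposed fix: a random counter instead of an incremental one.

    Assumption: a 64-bit value from the OS CSPRNG, written into the same
    21-hex-digit field so the overall layout is unchanged.
    """
    return format_trans_id(secrets.randbits(64), timestamp, daemon_id)


if __name__ == "__main__":
    # Constructed sample IDs (not real captures): same daemon, 42 requests and
    # 10 seconds apart.
    first = format_trans_id(0x1000, 0x60f2a1c5, "rgw1-default")
    last = format_trans_id(0x102a, 0x60f2a1cf, "rgw1-default")
    print(parse_trans_id(first))
    print(infer_backend_activity(first, last))
    print(len(candidate_trans_ids(last, counter_window=50, ts_window=5)), "guesses to try")
    print(random_trans_id(0x60f2a1cf, "rgw1-default"))
```

With a sequential counter, a client holding one ID needs only `counter_window * ts_window` attempts to cover the requests that immediately followed its own on that daemon; with the random counter the same timestamp window still leaves 2^64 possibilities per second, so a validity-check oracle no longer lets one tenant walk into another tenant's transactions. The two hex fields still carry the timestamp and daemon identity, so a provider that also wants to hide those would need to go beyond the change proposed here.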