casbin / Casbin.NET

An authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#)
https://casbin.org
Apache License 2.0

fix: Accidental cache read via key construction #330

Closed Tanyuu closed 1 year ago

Tanyuu commented 1 year ago

Since the key was created without adding a separator, it was possible to have illegitimate access to the cache by way of collocation. This is now fixed with reference to the Go language version. However, in order to solve this problem at all, I think it should be explicitly mentioned in the documentation that fields should not contain '$'; or the separator should be replaced with a hash value (string hash) associated with the field.
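The collision described in the comment above, as an added example that is not part of this PR or of Casbin.NET's code: it caches an "allow" decision for one request and shows a different request reading it back when keys are built by plain concatenation or with a `$` separator. The builder names and request values are constructed for illustration, and the length-prefixed builder is one boundary-safe alternative assumed here, not what the PR implements.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class CacheKeyDemo
{
    // Hypothetical key builders for illustration only.
    static string Concat(string[] f) => string.Concat(f);
    static string Separated(string[] f) => string.Join("$", f);
    // Prefixing each field with its length keeps field boundaries
    // unambiguous whatever characters the field contains.
    static string LengthPrefixed(string[] f) =>
        string.Concat(f.Select(s => s.Length + ":" + s));

    // Cache an "allow" for `cached`, then report whether `other`
    // (a different request) is served that decision from the cache.
    static bool ReadsForeignEntry(Func<string[], string> key,
                                  string[] cached, string[] other)
    {
        var cache = new Dictionary<string, bool> { [key(cached)] = true };
        return cache.TryGetValue(key(other), out var allowed) && allowed;
    }

    static void Main()
    {
        var builders = new Dictionary<string, Func<string[], string>>
        {
            { "concat", Concat },
            { "separator '$'", Separated },
            { "length-prefixed", LengthPrefixed },
        };
        // Constructed (sub, obj, act) requests: each pair is two distinct requests.
        var pairs = new List<(string[] Cached, string[] Other)>
        {
            (new[] { "alice", "data1", "read" }, new[] { "alic", "edata1", "read" }),
            (new[] { "a$b", "c", "read" },       new[] { "a", "b$c", "read" }),
        };
        foreach (var b in builders)
            foreach (var p in pairs)
                Console.WriteLine("{0,-16} [{1}] vs [{2}] -> foreign hit: {3}",
                    b.Key, string.Join(",", p.Cached), string.Join(",", p.Other),
                    ReadsForeignEntry(b.Value, p.Cached, p.Other));
    }
}
```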

casbin-bot commented 1 year ago

@sagilio please review