Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-18805

do not use .php file extension for cache files that contain serialized php

    XMLWordPrintable

Details

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • 2011.9, 4.6.0-dev
    • Caching
    • None

    Description

      Most of the eZ caches contain php arrays
      Some contain html
      Some contain serialized php

      The latter is:
      . bad for security, as without webserver rewrite rule protection, their content can be read from internet
      . bad for php opcode caches (APC), as they will try to optimize and cache what amounts to "strings"

      So we should
      1. make sure those files are not named .php but .cache instead, or .sphp
      2. probably not store serialized php anyway

      Attachments

        Activity

          People

            unknown unknown
            72f8acac-185f-4a54-9470-a7473f50daab@accounts.ibexa.co Gaetano Giunta
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated: