Details
-
Improvement
-
Resolution: Unresolved
-
Medium
-
None
-
2011.9, 4.6.0-dev
-
None
Description
Most of the eZ caches contain php arrays
Some contain html
Some contain serialized php
The latter is:
. bad for security, as without webserver rewrite rule protection, their content can be read from internet
. bad for php opcode caches (APC), as they will try to optimize and cache what amounts to "strings"
So we should
1. make sure those files are not named .php but .cache instead, or .sphp
2. probably not store serialized php anyway
Attachments
Issue Links
- relates to
-
EZP-16106 Increase view cache performance by using include instead of file_get_contents
- Open