Why URL as cache id is inherently dangerous

While this article focuses on Joomla, the problem applies to all sorts of web applications, from Drupal to nearly all cache classes on phpclasses.org: they all use the same inherently faulty approach.


Read more at

http://www.bzzzz.biz/blog/joomla/why-url-as-cache-id-is-inherently-...


Tags: cache, joomla, security

Comment by Mitch Pirtle on March 24, 2010 at 9:35pm
I've always been a fan of using JCache's method cache for this very reason. It is a lot easier to cache all of the required data for a view this way, and you're protected from silly URL shenanigans as you end up only using the key that you wanted, in an explicit manner.

I think we all pretty much agree that view caching is only useful for generic, public pages - which most likely are cached as blocks and not at the view layer anyway.

That said, Joomla's cache is in dire need of some lovin'.
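
The contrast drawn in the comment above between a URL-derived cache id and an explicitly chosen key, as an added example that is not part of the original post and is not Joomla's or JCache's own code. The function names, the `id` allowlist and the sample request URIs are assumptions constructed for illustration.

```php
<?php
// Added illustration in plain PHP; all names here are hypothetical.

// URL-derived id: every distinct request string becomes its own cache entry.
function urlCacheId(string $requestUri): string
{
    return md5($requestUri);
}

// Explicit id: only the parameters the view depends on take part,
// each validated against a pattern, in a fixed order.
function explicitCacheId(string $view, array $query, array $allowed): ?string
{
    $parts = [];
    foreach ($allowed as $name => $pattern) {
        if (!isset($query[$name]) || !is_string($query[$name])) {
            continue; // absent or array-valued parameter: not part of the key
        }
        if (preg_match($pattern, $query[$name]) !== 1) {
            return null; // invalid value: caller should bypass the cache
        }
        $parts[$name] = $query[$name];
    }
    ksort($parts);
    return $view . ':' . md5(http_build_query($parts));
}

// Constructed sample requests that all render the same article.
$requests = [
    '/index.php?option=com_content&view=article&id=42',
    '/index.php?view=article&id=42&option=com_content',
    '/index.php?option=com_content&view=article&id=42&x=1',
    '/index.php?option=com_content&view=article&id=42&x=2',
];
$allowed = ['id' => '/^\d{1,10}\z/']; // assumed: the view varies only by id

$urlKeys = $explicitKeys = [];
foreach ($requests as $uri) {
    parse_str((string) parse_url($uri, PHP_URL_QUERY), $query);
    $urlKeys[urlCacheId($uri)] = true;
    $key = explicitCacheId('article', $query, $allowed);
    if ($key !== null) {
        $explicitKeys[$key] = true;
    }
}

printf("URL-derived ids: %d entries\n", count($urlKeys));
printf("Explicit ids:    %d entries\n", count($explicitKeys));
```

Reordered or extra query parameters change the URL-derived id but leave the explicit one untouched, so the number of cache entries is bounded by the values the application accepts rather than by what the client sends.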


© 2012   Created by Amy Stephen.
