View previous topic :: View next topic |
Author |
Message |
oklqh Smarty Rookie
Joined: 24 Jun 2004 Posts: 8
|
Posted: Fri Jun 25, 2004 7:30 am Post subject: a little security feature of cache |
|
|
i have a suggestion,maybe we can add '<?/*' after the first line of the cache file,so others can't access it from browser directly when the cache dir web accessible. |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Fri Jun 25, 2004 7:48 am Post subject: |
|
|
don't make the cache dir accessible in the first place. |
|
Back to top |
|
oklqh Smarty Rookie
Joined: 24 Jun 2004 Posts: 8
|
Posted: Fri Jun 25, 2004 8:13 am Post subject: |
|
|
messju wrote: | don't make the cache dir accessible in the first place. |
thx for your reply,but i want to include smarty into my program and want the installer easier,so if add '<?/*' after the first line of the cache file,the cache dir can access in security.
it just a little feature i want~maybe you can consider it.thanks again. |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Fri Jun 25, 2004 8:24 am Post subject: |
|
|
and if you have "*/" somewehre in your cached file you are doomed as before. |
|
Back to top |
|
oklqh Smarty Rookie
Joined: 24 Jun 2004 Posts: 8
|
Posted: Fri Jun 25, 2004 8:32 am Post subject: |
|
|
messju wrote: | and if you have "*/" somewehre in your cached file you are doomed as before. |
yes,but it's unusal,and '<?' can make the rest content invisible,i have test it,just give me an error with line number.
this feature is needed when my program with smarty run on a virtual host. |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Fri Jun 25, 2004 9:25 am Post subject: |
|
|
don't put cache and templates_c inside the document root.
if you must put them there then secure them with a .htaccess-file.
that's the way to go. |
|
Back to top |
|
oklqh Smarty Rookie
Joined: 24 Jun 2004 Posts: 8
|
Posted: Fri Jun 25, 2004 9:55 am Post subject: |
|
|
messju wrote: | don't put cache and templates_c inside the document root.
if you must put them there then secure them with a .htaccess-file.
that's the way to go. |
many thanks to you.
i know you want people to get the safest way,but i think the developer team must consider that there are many progams running under virtual host and some web servers do not have .htaccess controller by user like apache.
i hope my post do not bother you,thx again. |
|
Back to top |
|
boots Administrator
Joined: 16 Apr 2003 Posts: 5611 Location: Toronto, Canada
|
Posted: Fri Jun 25, 2004 11:11 am Post subject: |
|
|
@oklqh: perhaps consider implementing a custom cache handler function |
|
Back to top |
|
oklqh Smarty Rookie
Joined: 24 Jun 2004 Posts: 8
|
Posted: Fri Jun 25, 2004 3:39 pm Post subject: |
|
|
boots wrote: | @oklqh: perhaps consider implementing a custom cache handler function |
yeah!a good idea too though it's difficult to me |
|
Back to top |
|
|