Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.

a little security feature of cache

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Feature Requests
View previous topic :: View next topic  
Author Message
oklqh
Smarty Rookie


Joined: 24 Jun 2004
Posts: 8

PostPosted: Fri Jun 25, 2004 7:30 am    Post subject: a little security feature of cache Reply with quote

i have a suggestion,maybe we can add '<?/*' after the first line of the cache file,so others can't access it from browser directly when the cache dir web accessible.
Back to top
View user's profile Send private message
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

PostPosted: Fri Jun 25, 2004 7:48 am    Post subject: Reply with quote

don't make the cache dir accessible in the first place.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
oklqh
Smarty Rookie


Joined: 24 Jun 2004
Posts: 8

PostPosted: Fri Jun 25, 2004 8:13 am    Post subject: Reply with quote

messju wrote:
don't make the cache dir accessible in the first place.

thx for your reply,but i want to include smarty into my program and want the installer easier,so if add '<?/*' after the first line of the cache file,the cache dir can access in security.

it just a little feature i want~maybe you can consider it.thanks again.
Back to top
View user's profile Send private message
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

PostPosted: Fri Jun 25, 2004 8:24 am    Post subject: Reply with quote

and if you have "*/" somewehre in your cached file you are doomed as before.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
oklqh
Smarty Rookie


Joined: 24 Jun 2004
Posts: 8

PostPosted: Fri Jun 25, 2004 8:32 am    Post subject: Reply with quote

messju wrote:
and if you have "*/" somewehre in your cached file you are doomed as before.

yes,but it's unusal,and '<?' can make the rest content invisible,i have test it,just give me an error with line number.

this feature is needed when my program with smarty run on a virtual host.
Back to top
View user's profile Send private message
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

PostPosted: Fri Jun 25, 2004 9:25 am    Post subject: Reply with quote

don't put cache and templates_c inside the document root.
if you must put them there then secure them with a .htaccess-file.
that's the way to go.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
oklqh
Smarty Rookie


Joined: 24 Jun 2004
Posts: 8

PostPosted: Fri Jun 25, 2004 9:55 am    Post subject: Reply with quote

messju wrote:
don't put cache and templates_c inside the document root.
if you must put them there then secure them with a .htaccess-file.
that's the way to go.

many thanks to you.
i know you want people to get the safest way,but i think the developer team must consider that there are many progams running under virtual host and some web servers do not have .htaccess controller by user like apache.

i hope my post do not bother you,thx again.
Back to top
View user's profile Send private message
boots
Administrator


Joined: 16 Apr 2003
Posts: 5611
Location: Toronto, Canada

PostPosted: Fri Jun 25, 2004 11:11 am    Post subject: Reply with quote

@oklqh: perhaps consider implementing a custom cache handler function
Back to top
View user's profile Send private message
oklqh
Smarty Rookie


Joined: 24 Jun 2004
Posts: 8

PostPosted: Fri Jun 25, 2004 3:39 pm    Post subject: Reply with quote

boots wrote:
@oklqh: perhaps consider implementing a custom cache handler function


yeah!a good idea too though it's difficult to me Very Happy
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Feature Requests All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP