Hi Tony,
My question is, since the cached directory is public, is there any way i can protect it?
The simple answer to that is: Yes. The simple solution would be to store the cache outside of the web root. The elaborate solution would be to include a cached/.htaccess file that has the following:
[code] Order deny,allow Deny from all [/code]
Alternatively, is it possible to cache and serve the pages from a non-public directory?
Yes. Since caching is a server-side action, it is possible and (from a security standpoint) highly recommended to store the cached files outside of the web root to prevent unauthorized access. Unless - do you have JavaScript caching any data?
Hope this helps, -Kizano //----- Information Security eMail: [email protected] http://www.markizano.net/ -- List: [email protected] Info: http://framework.zend.com/archives Unsubscribe: [email protected]
