I can't answer the other questions, but the reason it works publicly is that it is 
used to rebuild the class map used for the autoloader. Yes, there are other ways 
of doing this (no, PSR-0 is not one of them). The current issue is figuring out 
the best way to do this with the least disruption to current flows (i.e., you 
can still do it on a production site without needing CLI access).

https://github.com/silverstripe/silverstripe-framework/issues/1692 is the 
discussion relating to this, for those that want to follow.

On 17/07/2013, at 9:20 PM, Petah <[email protected]> wrote:

> There are a few questions to raise here:
> 
> 1. Why can a member of the public flush the cache?
> 
> 2. Why has the NZ government chosen SilverStripe over something like Drupal, 
> or other alternatives?
> 
> 3. Do the government service providers have the know-how and capabilities to 
> detect and prevent such attacks?
> 
> 4. If someone did manage to use this, or something similar, what websites 
> would it affect and how would the public be affected?
> 
>  
> 
> 
> On Wed, Jul 17, 2013 at 9:07 PM, Ivan Kurnosov <[email protected]> wrote:
> It's actually pretty obvious that a non-cached page takes longer to generate 
> (while I agree it's weird they provide a switch to flush the cache) :-) 
> Anyway, it's well known that the most resource-consuming part of almost 
> every project is the captcha-generating endpoint.
> 
> 
> On 17 July 2013 21:04, Christopher Tombleson <[email protected]> wrote:
> True. But it's a silly code error that should never have been there in the first 
> place.
> 
> 
> On Wed, Jul 17, 2013 at 8:59 PM, Ivan Kurnosov <[email protected]> wrote:
> It's a pretty script-kiddie attack that can be defended in minutes using dummy 
> fail2ban; after the rule is applied your traffic would produce literally no 
> noticeable influence on the project
> 
> 
> On Wednesday, July 17, 2013 6:16:40 PM UTC+12, chtombleson wrote:
> Hi,
> 
> I have recently noticed a DOS vulnerability in Silverstripe 3,
> I did some testing and it turned out I was right,
> you can find my results here: 
> http://blog.cribznetwork.com/2013/07/silverstripe-3-dos-vulnerable/
> 
> Cheers,
> Christopher Tombleson
> 
> -- 
> -- 
> NZ PHP Users Group: http://groups.google.com/group/nzphpug
> To post, send email to [email protected]
> To unsubscribe, send email to
> [email protected]
> --- 
> You received this message because you are subscribed to the Google Groups "NZ 
> PHP Users Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>  
>  
> 
> 
> 
> -- 
> Christopher Tombleson.
> http://cribznetwork.com
> 
> -- 
> With best regards, Ivan Kurnosov
> 

---
Simon Welsh
Admin of http://simon.geek.nz/
