Just to keep things on topic. For me the key points are: - SS3 requires admin privileges to flush the entire cache (expected) - SS3 does not require admin privileges to flush the current page cache (unexpected) - as Chris has outlined, a DoS attack using the ?flush=1 string results in a dramatically increased server load and response time when compared to a standard cached request - this issue has be known since Feb 2013 - currently (as in *today*) SS core devs are working on a fix which will be pushed to master and 3.1 - there are also some tips on the github issue that suggest .htaccess and apache config workarounds in the interim ( https://github.com/silverstripe/silverstripe-framework/issues/1692#issuecomment-21151232 )
Paul -- -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "NZ PHP Users Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
