cfcache security issue?

2010-07-16 Thread Spencer K
Hi cfers, We are considering implementing cfcache on our busy site (CF8), but as I understand it, CFMX creates a page on disk for every unique set of URL variables. So what stops a malicious attacker performing an attack where they just flood a cached page with unique URLs?

Re: cfcache security issue?

2010-07-16 Thread Brian Kotek
Use action=clientcache? On Fri, Jul 16, 2010 at 12:11 PM, Spencer K spencer.4...@yahoo.com wrote: Hi cfers, We are considering implementing cfcache on our busy site (CF8), but as I understand it, CFMX creates a page on disk for every unique set of URL variables. So what stops a

Re: cfcache security issue?

2010-07-16 Thread Spencer K
...@gmail.com To: cf-talk cf-talk@houseoffusion.com Sent: Fri, July 16, 2010 9:34:28 AM Subject: Re: cfcache security issue? Use action=clientcache? On Fri, Jul 16, 2010 at 12:11 PM, Spencer K spencer.4...@yahoo.com wrote: Hi cfers, We are considering implementing cfcache on our busy site

Re: cfcache security issue?

2010-07-16 Thread Judah McAuley
security issue? Use action=clientcache? On Fri, Jul 16, 2010 at 12:11 PM, Spencer K spencer.4...@yahoo.com wrote: Hi cfers, We are considering implementing cfcache on our busy site (CF8), but as I understand it, CFMX creates a page on disk for every unique set of URL variables. So what

Re: cfcache security issue?

2010-07-16 Thread Dave Watts
You can set the maximum number of cached templates in the CF Administrator. I don't think the maximum number of cached templates affects CFCACHE. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB)

Re: cfcache security issue?

2010-07-16 Thread Judah McAuley
Yes, I agree. I tried to make that clear with the rest of the comment, but obviously I didn't. The bit about max number of cached templates was in there because I wasn't 100% certain that the author was trying to explicitly cache a rendered html page or if there was a misunderstanding and he was

Re: cfcache security issue?

2010-07-16 Thread Dave Watts
We are considering implementing cfcache on our busy site (CF8), but as I understand it, CFMX creates a page on disk for every unique set of URL variables. That's correct. So what stops a malicious attacker performing an attack where they just flood a cached page with unique URLs? I'm

Re: cfcache security issue?

2010-07-16 Thread Matthew Gersting
Spencer, If by chance your site is using Fusebox, you may want to look into Fusecache (fusecache.riaforge.comand, yes, a little self-promotional). It basically just sits on top and uses Memcached (on CF8...CF9 can use Memcached or EHCache).