[Rails] Security issue: a user can fill cache with random urls
Łukasz Piestrzeniewicz
bragi.ragnarson at gmail.com
Wed Mar 1 16:16:41 GMT 2006
On 01/03/06, Gaspard Bucher <g.bucher at teti.ch> wrote:
> Say your app responds to : store/show/3 and caching is enable at the
> store controller level.
> All the following urls will be processed and cached (the cache
> filling with 'page not found' messages) !
> How can I avoid this ?
> Is there a way to disable caching 'on the fly', saying to rails :
> this page is an error, do not cache it.
I conditionally enable page caching for found pages only.
def show
@page = Page.find(param[:id])
if @page
render ...
cache_page
else
render error page
end
end
--
Łukasz Piestrzeniewicz
http://ragnarson.blogspot.com
More information about the Rails
mailing list