m2-opcache-manager icon indicating copy to clipboard operation
m2-opcache-manager copied to clipboard

Published 20 hours ago verified publisher icon wiardvanrij

Change "allow flush" from file to something else - Making m2 readonly possible

Open wiardvanrij opened this issue 6 years ago • 0 comments

Intro

When flushing the OpCache from the CLI we create a file called allow-opcache.flush. This file is for security measurements. After this file is created the frontend controller checks for this file. If the file exists it is allowed to actually flush the OpCache. This provides a safe and secure way that only authorized methods / clients are able to flush. If this check is not in place anyone could flush the OpCache.

Suggested change

I think we have a few options

  • On install create a secret key that is used when clearing the OpCache
  • Add a conf item in the database that is bool true/false if a flush is allowed
  • ???

Reason

There are users who prefer a "read only" environment. Writing/making files is not wanted.

wiardvanrij avatar May 10 '18 13:05 wiardvanrij