[TYPO3-dev] WARNING!?? tslib_patcher, pp_chashchecker

Popy popy.dev at gmail.com
Thu Aug 23 00:00:30 CEST 2007 

No cHash means same cache than no params. If we don't check its validity if
it is not in the url, it is a way to corrupt cache.

Example : if you look the page id=5&tx_ttnews[uid]=3 (so without cHash) and
if the page id=5 is not already cached, the plugin will generate the content
for the news id 3, but the content will be cached as it was the page id=5 !

By the way, many people make USER_INT plugins because they don't take care
of performance, or they don't want to learn how building nice links...

That's why i did make this extension, wich fix a possible security problem,
and ensure me that all my links are good (in combinaison with
pageNotFoundOnCHashError)

Of course, if somebody has a strong knowledge of the typo3 caching system,
i'll be happy to find some better solutions with him / them.

2007/8/22, Elmar Hinz <elmar07 at googlemail.com>:
>
> Hello developers,
>
> two extension have been uploaded to TER claiming to "correct bugs related
> to
> the cache hash" and/or to "increase the overall performances of your TYPO3
> website".
>
> tslib_patcher and pp_chashchecker
>
>
> Do this extensions really do what they promise to do or do they make
> matters
> worse?
>
>
> I am not fully sure, how they work, and there isn't that much
> documentation.
>
> To me it looks, that they check for a cHash whenever GET parameters are
> sent, even if GET parameters are send without a cHash to a USER_INT plugin
> by intention. That's the situation of well configured result browser links
> of search forms.
>
> In this case, according to my understanding, the check would fail and the
> complete page would not be cached but rerendered. That would have the same
> effect like sending the harmful "no_cache=1" parameter. The performance of
> high frequented search forms would decrease in a dangerous way.
>
> I am not fully sure about the mechanism. But I warn, not to use this
> extensions until there is a positive feedback from side of Michael Stucki
> that they really do no harm.
>
> What is your estimation. What do this extensions do? Do we need to send a
> warning to the user lists?
>
>
> Regards
>
> Elmar
>
> _______________________________________________
> TYPO3-dev mailing list
> TYPO3-dev at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-dev
>



-- 
Popy

Vulnerant omnes, ultima necat.

http://popy.sytes.net

More information about the TYPO3-dev mailing list