[eluser]vrencianz[/eluser]
Cached pages are vulnerable to DOS attack by making the cache size as large as the host storage size is.
Take the following controller and view as example:
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Test extends CI_Controller
{
function index()
{
$this->output->cache(60);
$this->load->view('testview');
}
}
testview.php
Code:
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod ...</p>
Then requests like:
Code:
http://localhost/test/index/1/
http://localhost/test/index/1/2
http://localhost/test/index/1/23
http://localhost/test/index/1/234
...
work and generate different cache files inside the 'cache' directory.
<b>Update</b>
This can be prevented from developer side by testing the number of segments from the url and rejecting those having more than expected. Hm.