PHP缓存安全性:文件缓存与内存缓存
Are there any relevant security issues in using a file cache (i.e. PEAR Cache_Lite) to hold data (serialized arrays, objects) in PHP? Is a data cache more secure in memory, i.e. using memcache or APC?
使用文件缓存(即PEAR Cache_Lite)来保存数据(序列化数组,对象)是否存在任何相关的安全问题 在PHP? 数据缓存在内存中是否更安全,即使用内存缓存还是APC? p> div>
Since you mentioned: Security from hackers, the answer would be no..
If somebody is able to access your filesystem or system in general, they will have access to pretty much everything, including your mysql data.
When it comes to caching, the main extra worry you have is if you are sharing the server with other people.
If you are using memcache, you do want to make absolutely sure that nobody can access the memcache server from outside. Do you have a firewall? Do you only keep the ports open that you must?
If the answer to those is yes, then your biggest security problem is your own application.
When using a file cache, you at least get the built-in security of the underlying file system. I don't believe Memcached or APC have any kind of privilege separation, so other users on the same system could in theory access whatever you had stored in one of the aforementioned memory caches.