JWT shouldn't be stored in cachedir #4239
Comments
|
Wouldn't it be easier to amend the instructions to omit the token files from being deleted by overzealous admins doing spring cleaning? This is not exactly an issue that the average DokuWiki user or even admin encounters. And I would not consider this to be a Bug either because deleting files in the cache directory is not a normal DokuWiki operation. Possibly a feature request.
Very creative but non-existent. ;-) |
Oops. my bad. I agree normally nobody has to manually clean the cache, and this is not a normal DW operation. But, pages, meta, attic files are not stored in the Anyway, it's for you to decide if this is a bug or not. Thanks for the reply on a Saturday. |
|
I agree, placing tokens in the cache dir might not be ideal. A PR for moving them to the meta dir as suggested would be welcome. |
The problem
Hi,
Currently, JWT are stored in cache directory.
The problem is that cache content could easily be removed by an admin who “knows” that cache files can be removed without causing any harm.
DW maintenance tips page proposes a cleaning recipe that will remove JWT files.
I suggest that JWT be stored somewhere else. Maybe meta dir is a better choice or
conf/tokenscould be created for that matter.If that makes sense to you too, I could try to write a PR so that DW would:
conf/tokenor$conf['metadir'],Version of DokuWiki
2024-03-14a "Kaos"
PHP Version
irrelevant
Webserver and version of webserver
irrelevant
Browser and version of browser, operating system running browser
irrelevant
Additional environment information
No response
Relevant logs and/or error messages
No response
The text was updated successfully, but these errors were encountered: