OCT 23 2015

Securing Magento Cacheleak, Backupleak and Sessionleak


4 comments

Magento Cacheleak is an implementation vulnerability, result of bad implementation of web-server configuration for Magento platform. With such configuration web-server ignoring all or some .htaccess files shipped with Magento distribution or some directives from these files and therefor all private directories, including var/, var/backups/, var/cache/, var/session/ and so on are exposed to public, so it is possible for anyone get the list of backups or sessions and download it, extract data values from cache files… Read the rest
SEP 27 2015

Magento :: “Could not determine temp directory, please specify a cache_dir manually”

Symptoms Magento throws “There has been a problem processing your request” error. The following error is logged under var/reports/ or shown on any page: Cause Magento can not write cache to var/cache/ and var/tmp/ folders under Magento root directory. Either the directories do not exist or webserver can not write to these directories. Solution Make sure that var/cache/ and var/tmp/ folders exist under Magento root directory. If you can not find it, simply create it… Read the rest