Open
Description
Intro
When flushing the OpCache from the CLI we create a file called allow-opcache.flush. This file is for security measurements. After this file is created the frontend controller checks for this file. If the file exists it is allowed to actually flush the OpCache. This provides a safe and secure way that only authorized methods / clients are able to flush. If this check is not in place anyone could flush the OpCache.
Suggested change
I think we have a few options
- On install create a secret key that is used when clearing the OpCache
- Add a conf item in the database that is bool true/false if a flush is allowed
- ???
Reason
There are users who prefer a "read only" environment. Writing/making files is not wanted.