5 Replies Latest reply on Jul 24, 2013 5:12 AM by Tim Goodman

    Is this a security issue on dev.day.com?

    Tim Goodman Level 1

      Here's a question about dev.day.com, from the security checklist:




      I noticed if you add a selector to the URL, e.g.




      It appears to hit the publish server (assuming it hasn't been hit before).  Has the DoS attack prevent script been implemented on this site?


      Also, you can just add a URL parameter to hit the publisher:




      Shouldn't it be possible to block unknown query params or uncacheable requests via the dispatcher or webserver?