Pro PHP: Patterns, Frameworks, Testing and More

CHAPTER 16 ■ ADVANCED ZEND FRAMEWORK

//Get the log instance
$log = Zend_Registry::get('log');

//Log an emergency message with the encountered exception
$log->emerg($errorHandler['exception']->__toString());
}
}

This integration writes the exception to a log file instead of displaying it to the user. That lets
you show your users a custom error page without losing any of the critical debugging detail, and
without leaking stack traces, file paths, or query text to whoever triggered the error.

■Tip Logging a uniqid() along with your error message, and displaying only that code to the user, can
aid in production debugging: you can correlate a user's report with the log-file entry while the exception
text itself stays in the log.
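The following ErrorController puts that tip into practice. It is an added example, not code from the book: it assumes, as the listing above does, that a Zend_Log instance was placed in Zend_Registry under the key 'log' during bootstrap, and it uses Zend Framework 1.x's Zend_Controller_Plugin_ErrorHandler conventions (the 'error_handler' parameter carrying the exception, type, and original request). The view variable names and user-facing messages are this example's own choices.

```php
<?php
// Added example: log the full exception under a correlation id and show
// the user nothing but that id. Assumes a Zend_Log instance registered as
// Zend_Registry 'log' at bootstrap (as on this page) and ZF 1.x's
// ErrorHandler plugin forwarding to ErrorController::errorAction().
class ErrorController extends Zend_Controller_Action
{
    public function errorAction()
    {
        // The ErrorHandler plugin supplies an ArrayObject with the fields
        // 'exception', 'type' and 'request' (the request that failed).
        $errors = $this->_getParam('error_handler');

        // Correlation id: it only ties a user's report to a log line, so it
        // does not have to be unpredictable; more_entropy=true just makes
        // collisions under load unlikely. The 'err_' prefix is our choice.
        $incidentId = uniqid('err_', true);

        switch ($errors->type) {
            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_CONTROLLER:
            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION:
                // Bad URL, not a server fault: 404 and a lower log priority
                $this->getResponse()->setHttpResponseCode(404);
                $priority = Zend_Log::NOTICE;
                $userMessage = 'Page not found';
                break;
            default:
                $this->getResponse()->setHttpResponseCode(500);
                $priority = Zend_Log::EMERG;
                $userMessage = 'An internal error occurred';
        }

        // Everything sensitive (message, trace, requested URI) goes to the
        // log only, prefixed with the id the user will be shown.
        $log = Zend_Registry::get('log');
        $log->log(
            sprintf('[%s] %s %s',
                    $incidentId,
                    $errors->request->getRequestUri(),   // Zend_Controller_Request_Http
                    $errors->exception->__toString()),
            $priority
        );

        // The view receives the id and a fixed message: never the exception.
        $this->view->incidentId = $incidentId;
        $this->view->message    = $userMessage;
    }
}
```

In the error view script, print the id with `$this->escape($this->incidentId)` like any other variable; ZF 1.x views do not escape automatically. When a user quotes the code from the page, `grep err_` on the log file locates the complete trace.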

Caching
Caching is a critical part of any reasonably complex application. Whether you are caching static
pages or just the result of a SQL query, making sufficient use of caching is critically important to
the performance of your application.
The Zend Framework provides, through Zend_Cache, both block-level partial caching and
entire-page caching. Deciding when to use each is very important, as caching the wrong requests
will lead to significant headaches as well as significant security problems.

Caching Security Considerations

Here are some guidelines for safe caching:

  • Cache data where the request's inputs will result in the same output with each page
    generation. For example, home pages are an excellent caching opportunity.

  • Do not cache any output that is the product of input that may contain personal information.
    A shared cache entry can serve one user's data to another, violating your users' privacy and
    creating significant liability for your business.

  • Be sure that caching the output of a page will not circumvent your security model by
    allowing other users to read a page cached for a specific user. Take extreme caution when
    caching pages that require any sort of authentication to access, as the circumvention
    possibilities are increased.

To better understand the security implications of caching, think of a web site with a members'
area that contains a dashboard. You could easily create a scenario where, when a user logs in, her
dashboard is cached under a fixed key. When the next user logs in, he is presented with the cached
page. The problem is that the cached page was the product of the first user's login, and you've just
disclosed her personal information to another user. Such caching scenarios are extremely common
and have resulted in some very high-profile embarrassments for major organizations.
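The dashboard scenario and the three guidelines above come down to one rule: the cache id must capture everything the output depends on, and output that depends on the logged-in user either gets an id scoped to that user or is not cached at all. The wrapper below enforces that rule around Zend_Cache's Output frontend. It is an added example, not the book's code: it assumes Zend_Auth holds the identity of the logged-in user, that the directory '/tmp/zf_cache' exists and is writable, and PHP 5.3 or later for the closures; the class, block names and tag scheme are this example's own.

```php
<?php
// Added example: a guard around Zend_Cache_Frontend_Output that prevents one
// user's cached dashboard from being served to another. Assumes Zend_Auth
// holds the current identity; '/tmp/zf_cache' and the block names are
// illustrative choices, not framework conventions.
class SafeOutputCache
{
    /** @var Zend_Cache_Frontend_Output */
    private $cache;

    public function __construct(Zend_Cache_Frontend_Output $cache)
    {
        $this->cache = $cache;
    }

    /**
     * Cache id for a block, or null when the block must not be cached.
     * $isPerUser marks output whose content depends on who is logged in.
     * Zend_Cache ids and tags must match [a-zA-Z0-9_], hence the hashing.
     */
    public function idFor($block, $isPerUser)
    {
        if (!$isPerUser) {
            // Same bytes for every visitor (home page): one shared entry.
            return 'public_' . md5($block);
        }
        if (!Zend_Auth::getInstance()->hasIdentity()) {
            // Per-user content but no user: render live, store nothing.
            return null;
        }
        // Scope the entry to this identity; no other user can compute it.
        return 'user_' . $this->userTag() . '_' . md5($block);
    }

    /** Tag derived from the identity; used in ids and for invalidation. */
    public function userTag()
    {
        $identity = Zend_Auth::getInstance()->getIdentity();
        return 'u' . md5(serialize($identity));
    }

    /** Run $render (which echoes HTML) through the cache when allowed. */
    public function render($block, $isPerUser, $render)
    {
        $id = $this->idFor($block, $isPerUser);
        if ($id !== null && $this->cache->start($id)) {
            return; // start() echoed the cached copy; nothing to render
        }
        call_user_func($render);
        if ($id !== null) {
            // Tag per-user entries so they can be purged at logout.
            $tags = $isPerUser ? array($this->userTag()) : array();
            $this->cache->end(false, $tags);
        }
    }

    /** Call on logout: remove every entry stored for the current user. */
    public function forgetCurrentUser()
    {
        $this->cache->clean(Zend_Cache::CLEANING_MODE_MATCHING_TAG,
                            array($this->userTag()));
    }
}

$cache = Zend_Cache::factory('Output', 'File',
    array('lifetime' => 300),
    array('cache_dir' => '/tmp/zf_cache'));
$safe = new SafeOutputCache($cache);

// The unsafe pattern the text describes: one id for everyone's dashboard.
// The first login fills the entry; every later user receives her page.
//   if (!$cache->start('dashboard')) { echo renderDashboard(); $cache->end(); }

// Safe: the home page is shared, the dashboard is keyed to the identity
// (or, for an anonymous request, not cached at all).
$safe->render('home', false, function () {
    echo '<h1>Welcome</h1>';
});
$safe->render('dashboard', true, function () {
    $user = Zend_Auth::getInstance()->getIdentity();
    echo '<h1>Dashboard for ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '</h1>';
});
```

Two points carry beyond the example. Call forgetCurrentUser() from the logout action before clearing the identity, otherwise a user who logs in again within the lifetime sees stale data. And Zend_Cache only governs your own server: send `Cache-Control: private, no-store` on per-user responses so a reverse proxy or browser cache in front of the application cannot repeat the same mistake.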

McArthur_819-9C16.fm Page 241 Friday, February 29, 2008 5:07 PM
