If HTML is being cached and blog administrators and contributors log in for blog updates through the same URL that the public uses to read the blog, a cached admin page might be displayed to anyone who happens to visit the blog. Any visitor could then access the admin console and do anything that an admin can do.
There are two ways to avoid this situation:
- Do not log in for administrative tasks to the blog through the URL that the public uses to read the blog; instead log in to the blog via the origin for admin tasks. For example, if your blog URL is http://blog.mysite.com/, do not use http://blog.mysite.com/login.php for admin tasks; use the IP address of the blog's origin server or another host name that's not served through the Instart Logic service, such as http://xxx.xxx.xxx.xxx/login.php or http://blog-origin.mysite.com/login.php. This is the approach we use for our blog.
- Disable HTML caching in your property configuration for the blog domain or path. Be aware that this might increase the load on your origin services and increase the page load time.
Let us know what you decide and we can plan accordingly.
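To check whether admin pages on the public hostname show signs of shared caching, the following added example (not part of the original note and not Instart Logic code) audits response headers you have captured through the public URL. It assumes the service passes through the standard HTTP `Cache-Control`, `Age` and `Set-Cookie` headers; the admin path list and the sample responses are constructed for illustration.

```python
# Added example: audit response headers captured through the public blog URL.
# Assumption: standard HTTP caching headers are visible on responses.
ADMIN_PATHS = ("/login.php", "/admin/")  # hypothetical list; adjust to your blog


def parse_cache_control(value):
    """Return {directive: argument-or-None} from a Cache-Control header value."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_response(path, headers):
    """Return findings for one response; an empty list means no warning signs."""
    if not path.startswith(ADMIN_PATHS):
        return []  # public content is expected to be cached
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    findings = []
    if "age" in h:
        # An Age header is added by a cache, never by the origin itself.
        findings.append("served-from-cache")
    if not (cc.keys() & {"no-store", "private"}):
        # Nothing tells a shared cache to keep its hands off this page.
        findings.append("not-marked-private")
    if "set-cookie" in h and "served-from-cache" in findings:
        # A cached response carrying a cookie can hand one session to many users.
        findings.append("cached-session-cookie")
    return findings


# Constructed sample responses (path, headers), not real captures.
SAMPLES = [
    ("/login.php", {"Cache-Control": "public, max-age=600", "Age": "42",
                    "Set-Cookie": "sid=constructed-value"}),
    ("/login.php", {"Cache-Control": "private, no-store"}),
    ("/2014/05/post.html", {"Cache-Control": "public, max-age=600", "Age": "10"}),
]

if __name__ == "__main__":
    for path, headers in SAMPLES:
        print(path, audit_response(path, headers) or "ok")
```

A clean result is only a signal: a caching service can be configured to ignore origin headers, so it does not replace either of the two fixes above.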