vanya_elda on journalelfen: “Several users are able to see the f-locked and the private entries of other users/communities… [also the pages to] edit profiles, edit journal information/settings, managing userpics, and even checking your message inbox.”
Apparently it was just a “quickly resolved” bug that caused “the system [to] issue cached pages from the users who most recently visited the same page”. Sucks, but everyone makes mistakes, right?
Except it apparently went on for a lot longer than the officially stated “3 minutes”.
Except LJ has made a habit of screwing up.
And finally: Except the fact that it’s possible to screw up in this way belies bad design.
Why is private data even touching a caching system in the first place? A cache provides no benefit whatsoever for user-specific content, and that this even happened suggests the design is enough of a hackjob they *can’t* avoid caching it.
Bonus: The same update apparently broke the utilities people use to dump all their posts as a first step in moving to another site.
Originally published at Mining for Cows.