—

Why it Matters

Magento supports different cache backends. Some, like Zend_Cache_Backend_File or in-memory array backends, are useful for development and testing but unsafe or inefficient for production. If dev backends are used on production, they can cause performance bottlenecks, unstable cache behavior, or even expose sensitive data if cache files are left world-readable.

Production should always use secure and scalable cache systems such as Redis or Varnish. This ensures consistent performance and reduces the risk of misconfiguration attacks.

Verification Steps

# Inspect app/etc/env.php for cache backend
grep -A3 'cache' app/etc/env.php

# Expected: Redis or Varnish backends, not "File" or "Array"

bin/magento cache:status
# Ensure cache is active and using correct backend

Remediation / Fix Guidance

1. Update env.php to configure Redis or Varnish for production:

   'cache' => [
     'frontend' => [
       'default' => [
         'backend' => 'Cm_Cache_Backend_Redis',
         'backend_options' => [
           'server' => '127.0.0.1',
           'port' => '6379'
         ]
       ]
     ]
   ]

2. Avoid using File or Array backends in production.
3. Test flushing and warming caches after changes to confirm stability.

Examples

# env.php
'cache' => [
  'frontend' => [
    'default' => ['backend' => 'File']
  ]
]
# Using filesystem cache in production → FAIL

# env.php
'cache' => [
  'frontend' => [
    'default' => ['backend' => 'Cm_Cache_Backend_Redis']
  ]
]
# Redis cache configured → PASS

References

• OWASP Top 10 — A05: Security Misconfiguration
• OWASP — Web Performance & Security Cheat Sheet