(I somehow hit tab+enter and submitted my post before I was finished,
I'm sorry for the double post).

Hello,

I have a users table with a role field. When a user logs in, the Auth
component stores that user's info inside of:

$session->read('Auth.User.role')

Then inside of my view I can do something like this:

<?php if ($session->read('Auth.User.role') == 'administrator'): ?>
    <!-- something only an admin should have, like an edit button -->
<?php endif; ?>

I'm wondering if this kind of access control is safe or is there a way
a user could mess with this and set their session equal to
administrator? My sessions are stored in the database.
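The view check above only decides what gets rendered; the actions it links to (edit, delete, ...) remain reachable by URL unless the controller enforces the same role. Below is an added example, not code from the original post, of enforcing it server-side with CakePHP 1.x's AuthComponent; it assumes the 'controller' authorize mode and that the role field is loaded into Auth.User as described.

```php
<?php
// Added example (not from the original post). Assumes CakePHP 1.x,
// AuthComponent in 'controller' authorize mode, and a 'role' field on
// the users table that Auth stores under Auth.User.role.
class AppController extends Controller {
    var $components = array('Auth', 'Session');

    function beforeFilter() {
        // Make AuthComponent call isAuthorized() before every action
        // of every controller, not just hide links in the view.
        $this->Auth->authorize = 'controller';
    }

    // Called by AuthComponent once a user is logged in. Returning false
    // denies the request no matter what the view rendered.
    function isAuthorized() {
        // Same session data the view reads via $session->read('Auth.User.role');
        // it lives server-side, the browser only holds the session id cookie.
        $role = $this->Auth->user('role');

        // Actions that change data are restricted to administrators.
        $adminOnly = array('add', 'edit', 'delete');
        if (in_array($this->action, $adminOnly)) {
            return ($role === 'administrator');
        }

        // Everything else is open to any logged-in user.
        return true;
    }
}
```

With this in place the view condition is purely cosmetic: a user who types /posts/edit/1 directly still hits isAuthorized() and is denied unless their stored role is 'administrator'.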
