morning Ismael,
I think this was brought up a while back in quite a lengthy
discussion, an interesting one mind you.
Basically, any function of your controller that you do not want
publicly available via the browser should be pre-cursed with an
underscore:
function _myOptions() {
}
I think the gist of the discussion is that in php 4 these wouldn't be
entirely private, but cake's dispatcher wouldn't supply it to the
browser if requested directly. In php 5 i believe you can define
private methods. stuck with an employer entrenched in php 4 i haven't
had the time to play with this yet... something to look forward to.
cheers,
mikee
On 06/11/06, Ismael S. Kafeltz <[EMAIL PROTECTED]> wrote:
>
> Hello all, i would like to know if there is a way to make
> requestAction() only accept call from inside?
>
> I use requestAction to fill <select> tag with <option> element from
> ajax, but it is possible to look in the source code and discovery
> javascript call: updater(/my_controller/my_options)
>
> If the person copy and paste the url, he/she can call it.
>
> Some of my controller method are protected with permisson, but there
> are some that are not, because they have public access in the *create
> new login* area.
>
> Thanks in advanced.
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
