morning Ismael, I think this was brought up a while back in quite a lengthy discussion, an interesting one mind you.
Basically, any function of your controller that you do not want publicly available via the browser should be pre-cursed with an underscore: function _myOptions() { } I think the gist of the discussion is that in php 4 these wouldn't be entirely private, but cake's dispatcher wouldn't supply it to the browser if requested directly. In php 5 i believe you can define private methods. stuck with an employer entrenched in php 4 i haven't had the time to play with this yet... something to look forward to. cheers, mikee On 06/11/06, Ismael S. Kafeltz <[EMAIL PROTECTED]> wrote: > > Hello all, i would like to know if there is a way to make > requestAction() only accept call from inside? > > I use requestAction to fill <select> tag with <option> element from > ajax, but it is possible to look in the source code and discovery > javascript call: updater(/my_controller/my_options) > > If the person copy and paste the url, he/she can call it. > > Some of my controller method are protected with permisson, but there > are some that are not, because they have public access in the *create > new login* area. > > Thanks in advanced. > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---