You gave no indication this was to be a REST-enabled application, and as 99% 
of apps are not REST, the replies were valid.

Even then, the REST interface would surely not allow for manual input of 
Post IDs; this just smacks of allowing people to edit any Post in your 
database. You would not only need to check if the request was for a valid 
record, but also check that the person making the request was authorised to 
perform the action.

HTH, Paul.
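
The two checks named in the message above (valid record, then authorised requester), as an added example that is not part of the original message and is not CakePHP's own code. It is plain PHP; the `authorizePostEdit` helper, the `$posts` array standing in for the database table, and the `admin` role are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the posts table.
$posts = [
    1 => ['id' => 1, 'user_id' => 10, 'title' => 'First post'],
    2 => ['id' => 2, 'user_id' => 20, 'title' => 'Second post'],
];

/**
 * Hypothetical helper: decide whether $user may edit the post named by $rawId.
 * Returns [httpStatus, post|null].
 */
function authorizePostEdit(array $posts, ?array $user, $rawId): array
{
    // No authenticated user: refuse before touching the data.
    if ($user === null) {
        return [401, null];
    }
    // The ID is client-supplied, so accept only a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null];
    }
    // Check 1: is the request for a valid record?
    if (!isset($posts[$id])) {
        return [404, null];
    }
    // Check 2: is this person authorised to act on that record?
    $post = $posts[$id];
    $isOwner = $post['user_id'] === $user['id'];
    $isAdmin = ($user['role'] ?? '') === 'admin';
    if (!$isOwner && !$isAdmin) {
        return [403, null];
    }
    return [200, $post];
}

// Constructed requests: owner, non-owner, missing record, malformed ID,
// anonymous caller, administrator.
$alice = ['id' => 10, 'role' => 'author'];
$admin = ['id' => 99, 'role' => 'admin'];
$cases = [[$alice, '1'], [$alice, '2'], [$alice, '7'], [$alice, 'abc'], [null, '1'], [$admin, '2']];
foreach ($cases as [$user, $rawId]) {
    [$status] = authorizePostEdit($posts, $user, $rawId);
    printf("user=%s id=%s -> %d\n", $user['id'] ?? 'anonymous', $rawId, $status);
}
```

The ownership check runs on the server against the stored `user_id`, so changing the ID in the request reaches a record only if the caller already has rights to it.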
