@douglas: it destroys the whole concept of urls - to know where you currently are. bookmarking, history etc - everything doesnt work anymore. well, if you really want all that for an app - fine
but I am not convinced that "cloaking" urls adds any security. the "params" of urls shoudnt be what you need to wry about. its the content of them which should be secured. and this can be achieved via simple ACL, as well. if you focus all your effort on making urls unguessable instead of clean ACL but someone is able to get hold of it (sniffing, browser history, logging tools), the result is even worse than not having url encryption. On 19 Dez., 06:21, José Lorenzo <jose....@gmail.com> wrote: > I think the reasons for doing this are very narrow. But if you are > absolutely positive that you need to do it, then the best way would be to > not encrypt the url at all! Encryption can be broken with some level of > effort. My suggestion would be to create urls like tinyurl does, store the > params in database or cache, generate an unique url that will expire after > certain time or first use. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php