I can understand your point. You can never be secure without a good ACL system in place. But that doesn't mean you can't have both at some level.
I think I just like to keep the options open for interesting ideas. I don't know if I would ever encrypt the entire application, but perhaps just some things... maybe. I have worked on systems that are highly secured, very sensitive business data, to sites that are simply static content delivery networks. Of course you would never use goofy urls for anything that touched Google and the search engine buddies. But some applications, specifically intranets, use abstraction and deterrence as just another layer of security. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php