I always use save($data, array('fieldList' => array())) to protect against this problem regardless of the SecurityComponent.
On Tuesday, March 6, 2012 18:06:37 UTC-3, nabeel wrote:
>
> Hi all,
>
> I'm sure we've all heard about what happened with RoR and Github just
> recently -
>
> https://github.com/rails/rails/issues/5228
>
> http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars
>
> So I can see how this could possibly be done in Cake as well (haven't
> tried), but just adding a hidden field to the form with the values.
>
> So - what's the best way (in Cake) to protect against this? Is it
> setting the allowed fields in the $this->Model->save() call? Is there a
> better way?
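
The allow-list approach discussed in this thread, as an added example in plain PHP (not code from either poster and not CakePHP's own implementation). `filterFields()` is a hypothetical helper, the request data is constructed, and the helper's choice to keep nothing when the allow-list is empty is an assumption of this example.

```php
<?php
// Added example: plain PHP, no framework required.
// filterFields() is a hypothetical helper illustrating a field allow-list,
// the same idea as passing the permitted fields to a save() call.

/**
 * Keep only the allow-listed keys of $data[$model] and report the rest.
 * An empty allow-list keeps nothing (the helper fails closed).
 */
function filterFields(array $data, string $model, array $allowed): array
{
    $submitted = $data[$model] ?? [];
    if (!is_array($submitted)) {
        $submitted = [];
    }
    // Keys present in both the submission and the allow-list.
    $kept = array_intersect_key($submitted, array_flip($allowed));
    // Keys the client sent that the form was never meant to carry.
    $dropped = array_keys(array_diff_key($submitted, $kept));

    return ['kept' => $kept, 'dropped' => $dropped];
}

// Constructed request data, keyed by model name. The rendered form only
// had "name" and "email"; "role" and "id" arrived as extra fields.
$requestData = [
    'User' => [
        'name'  => 'Alice',
        'email' => 'alice@example.com',
        'role'  => 'admin',
        'id'    => '1',
    ],
];

$result = filterFields($requestData, 'User', ['name', 'email']);

// Only the filtered array should reach the persistence layer.
print_r($result['kept']);

// A field the form never rendered is a tampering signal worth logging.
if ($result['dropped']) {
    error_log('Unexpected form fields for User: ' . implode(', ', $result['dropped']));
}
```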