well, with ajax and dynamic field injection in forms you need to disable the component or at least some fields in order to not get blackholed therefore I rather use the field whitelisting than enabling the security component but either way: one of those two options you should use to be on the safe side
-- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php