Normally you have a user object stored in the session that's used to authenticate. Just include that in any query that needs to be locked down to a specific user.
On Sun, Jul 20, 2008 at 3:22 PM, <[EMAIL PROTECTED]> wrote:
>
> I searched the archives of this group and never found an answer to
> this question.
>
> Suppose I have a page that is accessed via the URL
> http://www.mydomain.com/mycontroller/5
>
> There is nothing to stop a user from changing the URL to
> http://www.mydomain.com/mycontroller/6
> and viewing a different record.
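
The approach suggested in the reply above, shown as an added example that is not part of the original thread and is not CakePHP code: plain PHP with PDO and an in-memory SQLite database, comparing a lookup by id alone with one that also filters on the session user's id. The `records` table, its columns, the function names and the `$session` array are assumptions made for illustration.

```php
<?php
// Added example: plain PHP + PDO (in-memory SQLite), not CakePHP code.
// Table, column and function names are hypothetical.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, body TEXT)');
// Constructed sample data: record 5 belongs to user 1, record 6 to user 2.
$db->exec("INSERT INTO records (id, user_id, body) VALUES (5, 1, 'alice note'), (6, 2, 'bob note')");

// Unscoped lookup: any logged-in user can read any id taken from the URL.
function findRecordUnscoped(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, user_id, body FROM records WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Scoped lookup: the owner id comes from the server-side session, never the request.
function findRecordForUser(PDO $db, int $id, int $sessionUserId): ?array
{
    $stmt = $db->prepare('SELECT id, user_id, body FROM records WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $id, ':uid' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Simulated session for user 1 (in a real app this is set at login).
$session = ['User' => ['id' => 1]];
$uid = $session['User']['id'];

foreach ([5, 6] as $requestedId) {
    $unscoped = findRecordUnscoped($db, $requestedId);
    $scoped   = findRecordForUser($db, $requestedId, $uid);
    printf(
        "/mycontroller/%d  unscoped: %s  scoped: %s\n",
        $requestedId,
        $unscoped ? 'returned' : 'not found',
        // Treat "not yours" the same as "does not exist" (respond 404).
        $scoped ? 'returned' : 'not found (404)'
    );
}
```

Returning the same "not found" response for a record that exists but belongs to someone else avoids confirming which ids are in use.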