I haven't done your expieriment for you, but I don't see how this could circumvent secuirty - parseExtensions applies to which views get rendered, and Auth is done way before that, surely?
On Aug 25, 6:48 pm, Jonathan Snook <[EMAIL PROTECTED]> wrote: > I haven't had a chance to check this out in any detail and since there > are multiple people touching this app, I just wanted to ask: is it > possible to circumvent the Auth component by creating a request via a > JSON call (with parseExtensions enabled)? > > (I know I'm being really lazy here since I haven't bothered to > research it but just thought I'd ask and see if anybody had a quick > answer.) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---