I have just been messing around with my app and changing values in Ajax links with Firebug to see what happens...sure enough I can be logged in as user 1 and thru an Ajax form delete a post by User 2. Been reading about the Security Component but seems from what I have found is that it does not work with AJAX requests. Is this true? What is the best way to secure an app by preventing people from using Firebug to edit the code and submit/edit/delete info? I have general if this Auth User('id') = $this type setup for users/owners and so on but how can you prevent the data in forms from being manipulated? Thanks, Dave
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---