Are you applying the authorize login settings within the beforeFilter()?

On Oct 26, 1:36 pm, audioworld <audiowo...@gmail.com> wrote:
> I have a basic database management online at http://doidata.net
> The access to the admin section is secured with a simple
> authentication which is hardcoded in the file /config/core.php
> In theory, when someone without the admin cookie set, access to the
> routes
> ../resource/delete/ID
> should be blocked. However, when I try this URL in the browser, it
> really works WITHOUT authentication, and the database entry is
> deleted!!! This was demonstrated last night by Google Bot which seems
> to try out every possible route, and deleted most of my entries..
>
> here are some lines from the APACHE access log:
> 66.249.65.72 - - [24/Oct/2009:04:57:47 +0200] "GET /contributor_roles/delete/15 HTTP/1.1" 200 604 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> 66.249.65.72 - - [24/Oct/2009:05:00:30 +0200] "GET /contributor_roles/delete/12 HTTP/1.1" 200 604 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
>
> I am very thankful for any help to lock up my database edit/delete
> access,
> thanks, karl.
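
One way to scope the damage from an access log like the one quoted above, as an added example that is not part of the original thread: it scans combined-format log lines for GET requests that reached a `/controller/delete/ID` route and were answered with a 2xx status, then lists the affected record ids per controller. The route pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format, the format of the lines quoted in the message.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Assumption: routes follow /controller/delete/ID, as in the quoted requests.
DELETE_RE = re.compile(r'^/(?P<controller>[\w-]+)/delete/(?P<id>\d+)/?(?:\?.*)?$')

def find_get_deletes(lines):
    """Return (ip, user_agent, controller, id) for each GET that reached a
    delete route and was answered 2xx, i.e. was not redirected or refused."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m['method'] != 'GET' or not m['status'].startswith('2'):
            continue
        route = DELETE_RE.match(m['path'])
        if route:
            hits.append((m['ip'], m['ua'], route['controller'], int(route['id'])))
    return hits

def ids_by_controller(hits):
    """Group the affected record ids per controller to scope a restore."""
    grouped = defaultdict(set)
    for _ip, _ua, controller, record_id in hits:
        grouped[controller].add(record_id)
    return {name: sorted(ids) for name, ids in grouped.items()}

# Constructed sample lines (documentation IP ranges, made-up user agent).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2009:04:57:47 +0200] "GET /contributor_roles/delete/15 HTTP/1.1" 200 604 "-" "ExampleBot/1.0"',
    '192.0.2.10 - - [01/Nov/2009:05:00:30 +0200] "GET /contributor_roles/delete/12 HTTP/1.1" 200 604 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [01/Nov/2009:05:02:11 +0200] "GET /resources/delete/3 HTTP/1.1" 302 0 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [01/Nov/2009:05:03:40 +0200] "POST /resources/delete/4 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Nov/2009:05:04:02 +0200] "GET /resources/view/3 HTTP/1.1" 200 900 "-" "ExampleBot/1.0"',
    'truncated or malformed line',
]

if __name__ == '__main__':
    for controller, ids in ids_by_controller(find_get_deletes(SAMPLE_LOG)).items():
        print(controller, ids)
```

A 2xx answer on a delete route only shows the request was not refused or redirected, so the listed ids should be confirmed against the database or a backup.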