Hello Andreas, thanks for checking, but as you can see from the app_controller above, I think I implemented the authentication properly. What you see at the link is just the "index" action, but when you click on an "add" action: http://doidata.net/contributor_roles/add
there is the correct error message: "your are not allowed to acces this page" so it is still unclear to me how the delete action can be used without authentication...

On 26 Oct., 22:27, Andras Kende <and...@kende.com> wrote:
> Hello,
>
> Your site is not password protected so google robot is just crawling
> through the delete links..
>
> http://doidata.net/contributor_roles/
>
> Andras
>
> On Oct 26, 2009, at 4:36 PM, audioworld wrote:
>
> > I have a basic database management online at http://doidata.net
> > The access to the admin section is secured with a simple
> > authentication which is hardcoded in the file /config/core.php
> > In theory, when someone without the admin cookie set, access to the
> > routes
> > ../resource/delete/ID
> > should be blocked. However, when I try this URL in the browser, it
> > really works WITHOUT authentication, and the database entry is
> > deleted!!! This was demonstrated last night by Google Bot which seems
> > to try out every possible route, and deleted most of my entries..
> >
> > here are some lines from the APACHE access log:
> > 66.249.65.72 - - [24/Oct/2009:04:57:47 +0200] "GET /contributor_roles/delete/15 HTTP/1.1" 200 604 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> > 66.249.65.72 - - [24/Oct/2009:05:00:30 +0200] "GET /contributor_roles/delete/12 HTTP/1.1" 200 604 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
> >
> > I am very thankful for any help to lock up my database edit/delete
> > access,
> > thanks, karl.
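
An added example, not part of the thread: a small Apache access-log scan that lists delete routes answered with a 2xx status to a GET or HEAD request, grouped by user-agent, to help scope which records a crawler may have removed. The `/<controller>/delete/<id>` route shape and the first two sample lines come from the thread; the remaining sample lines, the function names and the crawler pattern are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
# Route shape taken from the thread: /<controller>/delete/<id>
DELETE_RE = re.compile(r'^/(?P<controller>[^/?]+)/delete/(?P<id>\d+)/?(?:\?.*)?$')
# Assumption: a loose user-agent heuristic, good enough for triage only
CRAWLER_RE = re.compile(r'bot|crawl|spider', re.IGNORECASE)


def find_unsafe_deletes(lines):
    """Map user-agent -> [(controller, id, time)] for delete routes that a
    GET/HEAD request reached with a 2xx answer (not rejected, not redirected)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] not in ("GET", "HEAD"):
            continue
        route = DELETE_RE.match(m["path"])
        # 401/403 or a 3xx redirect to a login page would mean the request was blocked
        if route and m["status"].startswith("2"):
            hits[m["agent"]].append((route["controller"], int(route["id"]), m["time"]))
    return dict(hits)


def crawler_agents(hits):
    """User-agents among the hits that look like automated crawlers."""
    return sorted(agent for agent in hits if CRAWLER_RE.search(agent))


SAMPLE_LOG = [
    # The two lines quoted in the thread
    '66.249.65.72 - - [24/Oct/2009:04:57:47 +0200] "GET /contributor_roles/delete/15 HTTP/1.1" 200 604 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '66.249.65.72 - - [24/Oct/2009:05:00:30 +0200] "GET /contributor_roles/delete/12 HTTP/1.1" 200 604 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    # Constructed lines for contrast: a redirected GET, a POST, and a plain index view
    '192.0.2.10 - - [24/Oct/2009:05:02:11 +0200] "GET /contributor_roles/delete/9 HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.10 - - [24/Oct/2009:05:03:40 +0200] "POST /contributor_roles/delete/9 HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.10 - - [24/Oct/2009:05:04:02 +0200] "GET /contributor_roles/ HTTP/1.1" 200 2310 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for agent, rows in find_unsafe_deletes(SAMPLE_LOG).items():
        print(agent, rows)
```

A 2xx status only shows the request was not rejected or redirected; the listed ids still need to be checked against the database or a backup.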