That sounds fair, but I was thinking Rails would actually prevent this forgery by using a secret key concept.

On 9 Feb., 19:34, Steven Bristol <[email protected]> wrote:
> On Sat, Feb 7, 2009 at 12:27 PM, [email protected]
> <[email protected]> wrote:
>
> > I was wondering why you hardcoded the routes for the account
> > controller. I added my own necessary actions but just out of curiosity
> > I would like to know what benefits it brings this way apart from security
> > issues.
> >
> > map.with_options(:controller => 'home') do |home|
> >   # these are for the in place editing
> >   home.home '/', :action => 'index'
> >   home.latest_comments '/latest_comments.rss', :action => 'latest_comments', :format=>'rss'
> >   home.newest_members '/newest_members.rss', :action => 'newest_members', :format=>'rss'
> >   home.tos '/tos', :action => 'terms'
> >   home.contact '/contact', :action => 'contact'
> >   home.male_search '/male_search', :action => 'male_search'
> >   home.female_search '/female_search', :action => 'female_search'
> >   home.age_search '/age_search', :action => 'age_search'
> >   home.all_search '/all_search', :action => 'all_search'
> >   home.update_rss '/update_rss', :action => 'update_rss'
> > end
> >
> > Cheers
> > Thomas
>
> You mean as opposed to map.connect "/:controller/:action" etc?
>
> Because of the security concern. The default routes are the first
> thing I delete from any rails app.
>
> cheers,
> steven bristol
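
Added example, not part of the original thread or of the Lovd by Less code: a plain-Ruby model of the two points discussed above. It shows that the authenticity token is not checked on GET requests, so a catch-all `/:controller/:action` route leaves any public controller method reachable without it, while explicit routes do not. `purge_cache`, the two-entry route table and the token value are assumptions made for the illustration.

```ruby
# Added illustration in plain Ruby (no Rails needed). It models routing and the
# forgery check; purge_cache and the token values are constructed for the example.
class HomeController
  def index;       :index_rendered; end
  def terms;       :terms_rendered; end
  def purge_cache; :cache_purged;   end  # hypothetical state-changing helper action
end

# Explicit routes in the style of the quoted routes.rb: only listed paths resolve.
EXPLICIT_ROUTES = { '/' => :index, '/tos' => :terms }.freeze

def resolve_explicit(path)
  EXPLICIT_ROUTES[path]
end

# Model of map.connect '/:controller/:action': the action name is taken from the
# URL, so every public method defined on the controller becomes reachable.
def resolve_default(path)
  _, controller, action = path.split('/')
  return nil unless controller == 'home' && action
  name = action.to_sym
  HomeController.public_instance_methods(false).include?(name) ? name : nil
end

# Rails' forgery protection compares the submitted authenticity token with the
# session's token, but it does not verify GET requests.
def forgery_check_passes?(verb, token, session_token)
  verb == :get || token == session_token
end

def dispatch(action, verb, token, session_token)
  return :not_found unless action
  return :invalid_authenticity_token unless forgery_check_passes?(verb, token, session_token)
  HomeController.new.public_send(action)
end

SESSION_TOKEN = 'constructed-session-token'

if __FILE__ == $PROGRAM_NAME
  # A cross-site POST without the token is rejected, whichever route matched.
  p dispatch(resolve_default('/home/purge_cache'), :post, nil, SESSION_TOKEN)
  # The same action requested with GET skips the token check and runs.
  p dispatch(resolve_default('/home/purge_cache'), :get, nil, SESSION_TOKEN)
  # With explicit routes the unlisted action is not reachable at all.
  p dispatch(resolve_explicit('/home/purge_cache'), :get, nil, SESSION_TOKEN)
end
```
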
