Re: Security Component Question

2013-12-29 Thread Florian Krämer
Check the Code 
http://api.cakephp.org/2.4/source-class-SecurityComponent.html#322-338

Blackholing is nothing more than throwing a BadRequestException or 
triggering a callback.

I would not use an exception in that place.

On Friday, December 27, 2013 7:37:24 PM UTC+1, advantage+ wrote:
>
> Is there a way to force call blackhole based on model validation rules?
>
> I have a validation method that I would like to call the blackhole if it 
> fails.
>
> Thanks,
>
> Dave
>

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.


How to respond based on request method?

2013-12-29 Thread Advantage+
Trying to sort this out but not getting anywhere.

I need to respond based on how the request was made.

So first I need to know if the data was saved:

$saved = $this->User->save($this->Controller->request->data, true, $forceFields);

Then return the saved / error message back to the user.

But then it gets messy and just looks wrong. Has to be a correct way as this
clearly is not it. (ajax response gets sent back as a JSON response)

SNIP FROM COMPONENT IN A PLUGIN (but gives you an idea)

if ($saved && !$this->Controller->request->is('ajax')) {
    $this->Session->setFlash(__('Good stuff saved via HTTP request.'));
} else {
    $this->Session->setFlash(__('Nope via HTTP.'));
    $this->Controller->redirect(array('action' => 'index'));
}

if ($saved && $this->Controller->request->is('ajax')) {
    $response = array(
        'status' => true,
        'clear' => true,
        'message' => 'Good stuff saved via ajax.');
} else {
    $response = array(
        'clear' => false,
        'message' => 'Nope via ajax.');
}

Thanks,

Dave



Re: Dealing With Malicious Users

2013-12-29 Thread hellospeakman
I think it really depends on the developer. I would recommend using setFlash 
and redirect or even throwing an appropriate exception for simple enough 
applications.

You could also write to a log file when you suspect malicious activity and take 
note of any parameters or auth session details for review.

I would personally say don't try to auto ban or log them out; it probably won't 
stop them.

HTH
 Stephen

Sent from my iPad

On 29 Dec 2013, at 23:19, "Advantage+" wrote:

> I am working on a fairly large application and I am modifying form fields, 
> trying to edit other people's records or just stuff you should not be doing 
> to test things out.
>
> My question is how to handle these requests.
> Obviously what they are doing gets stopped but do you alert them with a 
> message Illegal Attempt? Log them out? Ban them? Record the error for admin 
> to review and decide later what to do.
> Simply disregard and do nothing and just a message saying error please try 
> again?
>
> If someone is up to no good what is the best way to deal with this? How do 
> you handle it? What do you do?
>
> Thanks for any and all insight you guys can provide.
>
> Dave
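A sketch of the advice in the two security threads above (a blackhole callback in place of the default exception, and logging suspected tampering for an admin to review), as an added example that is not code from any poster or from CakePHP itself. It assumes CakePHP 2.4; the `Post` model, its `user_id`, `title` and `body` columns, the `blackhole` and `_logSuspicious` method names and the `security` log type are hypothetical.

```php
<?php
// Added example, not from the thread. Hypothetical Post model and log type.
App::uses('AppController', 'Controller');
class PostsController extends AppController {
    public $components = array('Session', 'Auth', 'Security');

    public function beforeFilter() {
        parent::beforeFilter();
        // Trigger a callback instead of the default BadRequestException
        // when SecurityComponent rejects a request (e.g. a tampered form).
        $this->Security->blackHoleCallback = 'blackhole';
    }

    // Called by SecurityComponent with the failure type ('auth', 'csrf', ...).
    public function blackhole($type) {
        $this->_logSuspicious('blackhole:' . $type);
        $this->Session->setFlash(__('The request could not be processed. Please try again.'));
        return $this->redirect(array('action' => 'index'));
    }

    public function edit($id = null) {
        $post = $this->Post->findById($id);
        if (!$post) {
            throw new NotFoundException();
        }
        // Ownership is checked server-side; an id sent by the client is never trusted.
        if ((int)$post['Post']['user_id'] !== (int)$this->Auth->user('id')) {
            $this->_logSuspicious('edit-foreign-record', array('post_id' => $id));
            throw new ForbiddenException();
        }
        if ($this->request->is('post') || $this->request->is('put')) {
            $this->Post->id = $id;
            // Whitelist of the only fields this form is allowed to change.
            if ($this->Post->save($this->request->data, true, array('title', 'body'))) {
                $this->Session->setFlash(__('Saved.'));
                return $this->redirect(array('action' => 'index'));
            }
        } else {
            $this->request->data = $post;
        }
    }

    // Records who, where and what for later review; logs submitted keys only,
    // never values (they may contain passwords). No auto-ban, no forced logout.
    protected function _logSuspicious($reason, array $extra = array()) {
        CakeLog::write('security', json_encode($extra + array(
            'reason' => $reason, 'user_id' => $this->Auth->user('id'),
            'ip' => $this->request->clientIp(), 'url' => $this->request->here,
            'keys' => array_keys((array)$this->request->data),
        )));
    }
}
```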


Dealing With Malicious Users

2013-12-29 Thread Advantage+
I am working on a fairly large application and I am modifying form fields,
trying to edit other people's records or just stuff you should not be doing
to test things out.

My question is how to handle these requests.

Obviously what they are doing gets stopped but do you alert them with a
message Illegal Attempt? Log them out? Ban them? Record the error for admin
to review and decide later what to do.

Simply disregard and do nothing and just a message saying error please try
again?

If someone is up to no good what is the best way to deal with this? How do
you handle it? What do you do?

Thanks for any and all insight you guys can provide.

Dave



Re: missing debug menu

2013-12-29 Thread Stephen S
This is the DebugKit plugin, see here: https://github.com/cakephp/debug_kit

You may already have it in your plugins folder so maybe you just need to
update bootstrap, see the instructions on the link above

Thanks
 Stephen


On 28 December 2013 16:54, roundrightfarm wrote:

> Greetings,
> I just switched from cakephp 1.3 to 2.x. In 1.3 there was a debug menu
> that would appear when Configure::write('debug', 2); It was a pop-out menu
> that started in the upper right hand corner of the screen and would show
> you, among other things, which variables were set to a view.
>
> Is this menu gone from cakephp 2.x, or am I missing something?
>
> Thanks



-- 
Kind Regards
 Stephen Speakman



CakePHP Community 2013

2013-12-29 Thread James Watts
We've been very busy, and have a lot to show for it. Late last year we
created the Community Center, as a central location for everyone to find
their way around, and help people get involved with the project. This year
we launched My CakePHP, as a hub for developers to create a profile, and
unify the experience across all of our sites. The Cake Software Foundation
website also received a well overdue facelift. Additionally, after
continuous requests, and with a little help from CakeDC, we improved the
schedule for the official CakePHP training, which is now provided on a
regular basis.

Earlier this year we also announced our agreement with Microsoft to make
CakePHP available on Windows Azure. That doesn't mean you can't get your
piece of the cake on other platforms, such as Rackspace's Cloud Sites,
Amazon's Elastic Beanstalk or RedHat's OpenShift, as well as other PaaS
providers, like Pagoda Box or Fortrabbit. There's a lot to choose from.

It was also great to see that, since our efforts last year to extend the
reach of the CakePHP community, both the Facebook interest page and our
official Twitter account have reached over 10,000 likes and followers each.
The official group on Facebook also surpassed 3,000 members, becoming even
larger than groups for other major PHP frameworks. But the growth didn't
stop there. We had almost 1 million more visits to the CakePHP sites
compared to last year, with the CookBook seeing nearly an additional 10
million page views, reaching over 26 million. For more numbers and stats
check out this year's community keynote.

Which takes us to San Francisco, USA, where we held CakeFest 2013, the
annual conference dedicated to everything CakePHP. Over 80 developers from
around the world joined us for 4 days of workshops and conference. We
listened to your feedback from the previous year and broke the workshop
schedule into beginner and advanced sessions over the first 2 days. This
was then followed by another 2 days of 16 talks given by 12 international
speakers, as well as keynotes, lightning talks, core team Q&A, and the
raffle. We took away some really memorable moments, the best of all being
the "Hour of Contribution", where we saw everyone contributing to the
project for an hour, in true open source fashion. It was a beautiful sight,
and a humbling experience. Oh, and who could forget about the cake!

But wait, there's more. Work has been going strong on version 3.0 of
CakePHP, with the new ORM almost ready for its first developer preview
release. The roadmap is slowly being completed, with the milestone
available for anyone to join in on the fun. In the meantime, this year saw
the release of versions 2.3 and 2.4 of the framework, with a sum of 28
releases in total. There's also been a lot of activity in the developer
community, with almost 6,000 additional questions tagged on Stack Overflow
this past year alone. We also saw some interesting projects released, a
couple o