Re: New to Cake -- Security Questions

2013-10-09 Thread schenkerstudio
Sorry for the double post!  My previous post seemed lost until after I 
posted this one!

On Wednesday, October 9, 2013 12:48:03 PM UTC-4, schenke...@gmail.com wrote:
>
> Greetings,
> I am new to CakePHP.  I've tested several other frameworks (Laravel, 
> CodeIgniter, Symfony, Yii, and even a clever little one called PHPixie).  
> My choice is to go with CakePHP for various reasons, but mostly because it 
> makes sense to me.
>
> I like everything I see about CakePHP, but I am wondering how experienced 
> Cake developers handle security.  I know that this is a big topic and there 
> is no single answer, but what are the general steps you take to secure an 
> app in CakePHP?  I am talking about an app where I will be accepting form 
> inputs from logged-in users.
>
> Here's what I understand so far:
> 1. I really like the Cake Data Validation class.  This seems to allow very 
> nice control of form inputs.
> 2. I'm confused about the removal of the Data Sanitization tool.  Was this 
> done because there are better built-in methods for this, or is it because 
> the framework no longer handles sanitization?
>
> Can anyone please shed some light on general "good practices" on securing 
> CakePHP apps?
>
> Thank you!
>
> Matthew
>

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.


New to Cake -- Security Questions

2013-10-09 Thread schenkerstudio
Greetings,
I am new to CakePHP.  I've tested several other frameworks (Laravel, 
CodeIgniter, Symfony, Yii, and even a clever little one called PHPixie).  
My choice is to go with CakePHP for various reasons, but mostly because it 
makes sense to me.

I like everything I see about CakePHP, but I am wondering how experienced 
Cake developers handle security.  I know that this is a big topic and there 
is no single answer, but what are the general steps you take to secure an 
app in CakePHP?  I am talking about an app where I will be accepting form 
inputs from logged-in users.

Here's what I understand so far:
1. I really like the Cake Data Validation class.  This seems to allow very 
nice control of form inputs.
2. I'm confused about the removal of the Data Sanitization tool.  Was this 
done because there are better built-in methods for this, or is it because 
the framework no longer handles sanitization?

Can anyone please shed some light on general "good practices" on securing 
CakePHP apps?

Thank you!

Matthew



New Member - Basic Security Questions!

2013-10-08 Thread schenkerstudio
Greetings,
I am new to this community -- and to CakePHP itself.  I have been testing a 
long list of PHP frameworks (CodeIgniter, Laravel, Symfony, Yii) and find 
myself really attracted to Cake because of the logic of how it works.  It 
just makes sense to me!

OK, for my actual questions on security...

1. I'm confused about the Cake documentation entry stating that the 
Sanitize element is no longer being maintained 
(http://book.cakephp.org/2.0/en/core-utility-libraries/sanitize.html).  Is 
this because it is no longer needed, or is it because we are expected to 
find an external library for this purpose?
2. Is it enough to use this combination of elements in my apps:
(a) FormHelper
(b) SecurityComponent
(c) Cake Validation

I know security is a very big topic.  And I know we can never be 100% 
certain we have covered everything.  But when do Cake developers generally 
reach that balance where they have done enough?

Thanks,
Matthew
