Re: How safe is CakePhps auth component and other ..
Olaf,

I had the same problem, though I put the disableCache method in the beforeRender() action in app_controller.php

http://book.cakephp.org/view/988/disableCache

Never fully confirmed it was Microsoft Proxy though all the problem cases had an IE7 user agent.

On Sun, Sep 11, 2011 at 11:57 AM, Olaf Reitmaier Veracierta wrote:
> Hi Milos,
>
> SSL is a must... take care of what happened recently to me:
>
> http://cakephp.19694.n2.nabble.com/Auth-ACL-proxy-server-mixed-up-sessions-td6535034.html
>
> Regards,
>
> Olaf.

--
Simon Males

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.

To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php
Re: How safe is CakePhps auth component and other ..
Hi Milos,

SSL is a must... take care of what happened recently to me:

http://cakephp.19694.n2.nabble.com/Auth-ACL-proxy-server-mixed-up-sessions-td6535034.html

Regards,

Olaf.

On 09/10/2011 02:36 PM, Miloš Vučinić wrote:
> Thank you very much, you are most kind!
>
> All the best,
> Milos
>
> On Sep 9, 4:54 pm, Thomas Ploch wrote:
> > 1.) The Auth component is safe. It uses a salted SHA1 encrypted pw by default. It auto-escapes the fields already, so you don't have to bother with it. Just use SSL to encrypt the connection to sensitive parts of the application to be on the (very) safe side.
> >
> > 2.) Well, if you use the Apache web server, and you configured it correctly to write the access.log file, you got everything you need there. (Other web servers have this feature too)
> >
> > Kind regards
> > Thomas
> >
> > On 09.09.2011 16:44, Miloš Vučinić wrote:
> > > Hi,
> > > I have two questions and I hope someone can help me..
> > >
> > > I am making an application which needs to be relatively safe. So here are questions I have for you:
> > >
> > > 1. I am using auth component from cakephp, but I cannot escape the login fields because login component works for itself and I cannot edit its code.. I am wondering is it sql injection safe and are there any possible problems with it regarding security?
> > >
> > > 2. I need to log every http request made to my website (so that if someone tries to hack the web site that I have info about his IP address and what exactly they tried to do). I need exact link which was typed and ip address of a computer which made the request. A whole http request would be nice but at least these two. Is there any way to do this (like a pre-built component), or where in my source code should I place the code for this..?
> > >
> > > Thank you,
> > > all the best
> > >
> > > Milos

--
"You don't know where your shadow will fall", Somebody.
Ing. Olaf Reitmaier Veracierta
Personal Web Page -- http://olafrv.com -- i...@olafrv.com
Re: How safe is CakePhps auth component and other ..
Thank you very much, you are most kind!

All the best,
Milos

On Sep 9, 4:54 pm, Thomas Ploch wrote:
> 1.) The Auth component is safe. It uses a salted SHA1 encrypted pw by default. It auto-escapes the fields already, so you don't have to bother with it. Just use SSL to encrypt the connection to sensitive parts of the application to be on the (very) safe side.
>
> 2.) Well, if you use the Apache web server, and you configured it correctly to write the access.log file, you got everything you need there. (Other web servers have this feature too)
>
> Kind regards
> Thomas
>
> On 09.09.2011 16:44, Miloš Vučinić wrote:
> > Hi,
> > I have two questions and I hope someone can help me..
> >
> > I am making an application which needs to be relatively safe. So here are questions I have for you:
> >
> > 1. I am using auth component from cakephp, but I cannot escape the login fields because login component works for itself and I cannot edit its code.. I am wondering is it sql injection safe and are there any possible problems with it regarding security?
> >
> > 2. I need to log every http request made to my website (so that if someone tries to hack the web site that I have info about his IP address and what exactly they tried to do). I need exact link which was typed and ip address of a computer which made the request. A whole http request would be nice but at least these two. Is there any way to do this (like a pre-built component), or where in my source code should I place the code for this..?
> >
> > Thank you,
> > all the best
> >
> > Milos
Re: How safe is CakePhps auth component and other ..
1.) The Auth component is safe. It uses a salted SHA1 encrypted pw by default. It auto-escapes the fields already, so you don't have to bother with it. Just use SSL to encrypt the connection to sensitive parts of the application to be on the (very) safe side.

2.) Well, if you use the Apache web server, and you configured it correctly to write the access.log file, you got everything you need there. (Other web servers have this feature too)

Kind regards
Thomas

On 09.09.2011 16:44, Miloš Vučinić wrote:
> Hi,
> I have two questions and I hope someone can help me..
>
> I am making an application which needs to be relatively safe. So here are questions I have for you:
>
> 1. I am using auth component from cakephp, but I cannot escape the login fields because login component works for itself and I cannot edit its code.. I am wondering is it sql injection safe and are there any possible problems with it regarding security?
>
> 2. I need to log every http request made to my website (so that if someone tries to hack the web site that I have info about his IP address and what exactly they tried to do). I need exact link which was typed and ip address of a computer which made the request. A whole http request would be nice but at least these two. Is there any way to do this (like a pre-built component), or where in my source code should I place the code for this..?
>
> Thank you,
> all the best
>
> Milos
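
An added example, not part of any poster's message and not CakePHP code: a parser for the Apache "combined" access-log format mentioned in the reply above, pulling the client IP and the exact request out of each line and grouping them per address. The sample lines, addresses and paths are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Quoted fields may contain backslash-escaped quotes, so the pattern allows \".
QUOTED = r'(?:[^"\\]|\\.)*'
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>' + QUOTED + r')" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>' + QUOTED + r')" "(?P<agent>' + QUOTED + r')")?'
)

# Constructed sample input (documentation-range addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [09/Sep/2011:16:44:01 +0200] "GET /posts/view/3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [09/Sep/2011:16:45:12 +0200] "POST /users/login HTTP/1.1" 302 0 '
    '"http://example.test/users/login" "Mozilla/4.0 (compatible; MSIE 7.0)"',
    '198.51.100.7 - - [09/Sep/2011:16:45:13 +0200] "GET /posts/view/9999 HTTP/1.1" 404 310 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"',
    'not an access log line',
]

def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = COMBINED.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    if len(parts) == 3:
        rec["method"], rec["url"], rec["protocol"] = parts
    else:
        # Malformed request line: keep the raw text so nothing is lost.
        rec["method"], rec["url"], rec["protocol"] = None, rec["request"], None
    rec["status"] = int(rec["status"])
    return rec

def requests_by_ip(lines):
    """Group (time, method, url, status) tuples by client address."""
    grouped = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            grouped[rec["ip"]].append(
                (rec["time"], rec["method"], rec["url"], rec["status"]))
    return dict(grouped)

if __name__ == "__main__":
    for ip, reqs in requests_by_ip(SAMPLE).items():
        print(ip, reqs)
```

The access log records the request line but not POST bodies, and when the site sits behind a proxy the `%h` field holds the proxy's address rather than the end user's.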
How safe is CakePhps auth component and other ..
Hi,

I have two questions and I hope someone can help me..

I am making an application which needs to be relatively safe. So here are questions I have for you:

1. I am using auth component from cakephp, but I cannot escape the login fields because login component works for itself and I cannot edit its code.. I am wondering is it sql injection safe and are there any possible problems with it regarding security?

2. I need to log every http request made to my website (so that if someone tries to hack the web site that I have info about his IP address and what exactly they tried to do). I need exact link which was typed and ip address of a computer which made the request. A whole http request would be nice but at least these two. Is there any way to do this (like a pre-built component), or where in my source code should I place the code for this..?

Thank you,
all the best

Milos