Re: JSON call circumvents Auth component?
Not really, like the_woodsman said, parseExtensions, just indicates to the view and controller, that the layout and view files need to be from the js folder, to load up the jsHelper, and change the headers. Nothing else is different from a normal request. -Mark On Aug 25, 1:48 pm, Jonathan Snook <[EMAIL PROTECTED]> wrote: > I haven't had a chance to check this out in any detail and since there > are multiple people touching this app, I just wanted to ask: is it > possible to circumvent the Auth component by creating a request via a > JSON call (with parseExtensions enabled)? > > (I know I'm being really lazy here since I haven't bothered to > research it but just thought I'd ask and see if anybody had a quick > answer.) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: JSON call circumvents Auth component?
I haven't done your expieriment for you, but I don't see how this could circumvent secuirty - parseExtensions applies to which views get rendered, and Auth is done way before that, surely? On Aug 25, 6:48 pm, Jonathan Snook <[EMAIL PROTECTED]> wrote: > I haven't had a chance to check this out in any detail and since there > are multiple people touching this app, I just wanted to ask: is it > possible to circumvent the Auth component by creating a request via a > JSON call (with parseExtensions enabled)? > > (I know I'm being really lazy here since I haven't bothered to > research it but just thought I'd ask and see if anybody had a quick > answer.) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---