Re: Security Component: blackhole with no, erm, whitehole?
Thanks, Jeremy. I think I'm going to opt for roughly the same thing. Use my pushSSL() function - analogous to your __unforceSSL() - on all controllers that don't require SSL, then use the switching style for those that do require SSL. It just seems weird to me that they have a function in Security which is meant to identify which actions require SSL, but they don't have a native function for pushing people *off* SSL. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Security Component: blackhole with no, erm, whitehole?
Here's how I did this on an app (this is 1.3 but I'd guess it'd be fairly easy to transpose to 2.0 if needed). In app_controller create a function: function __requireSecure() { ... conditions to check ... return true if SSL is needed ... return false by default } Create two other functions (looking at them they could be merged into a single function, but hey): function __forceSSL() { if (!env('HTTPS') == 1) { $this->redirect('https://' . env('SERVER_NAME') . $this->here); } } function __unforceSSL() { if (env('HTTPS') == 1) { $this->redirect('http://' . env('SERVER_NAME') . $this->here); } } Then in beforeFilter: if ($this->__requireSecure()) { $this->Security->blackHoleCallback = '__forceSSL'; $this->Security->requireSecure(); } else { $this->__unforceSSL(); } This can probably be improved, but it works. Jeremy Burns Class Outfit http://www.classoutfit.com Jeremy Burns Class Outfit http://www.classoutfit.com On 4 Jan 2012, at 18:05:35, DragonFlyEye wrote: > Can anyone help me out, here? > > -- > Our newest site for the community: CakePHP Video Tutorials > http://tv.cakephp.org > Check out the new CakePHP Questions site http://ask.cakephp.org and help > others with their CakePHP related questions. > > > To unsubscribe from this group, send email to > cake-php+unsubscr...@googlegroups.com For more options, visit this group at > http://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Security Component: blackhole with no, erm, whitehole?
Can anyone help me out, here? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Security Component: blackhole with no, erm, whitehole?
Here's what I don't get about the Security Component: if there's an option to use the blackholeCallback for requireSecure, why is there no option to provide a callback for anything else? I'm using this system as outlined in the book to force SSL on certain actions. But I'd like to force people back off SSL after they're done accessing the secure areas. But this system only allows one-way action. Am I missing anything obvious? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php