You can also find some information on
http://www.dereuromark.de/2010/10/05/cakephp-security/
Basically, sanitizing was often used too eagerly, instead of using
validation (which also is usually applied too restrictively) and sane output
escaping.
Use whitelisting for security-sensitive views - or use
Hi Matthew
With regard to Q1, I remember reading something to the effect that there
are other tools that do the job better. There was a detailed article
somewhere, but I can't locate it at the moment. As the web reference you
gave states, Sanitize was destructive, instead of just making sure
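Both replies above make the same point: a destructive Sanitize pass alters user data, whereas validation decides whether input is acceptable, output escaping neutralises it at the point of use, and a field whitelist keeps unexpected keys out of a save. The following is an added example, not code from this thread or from CakePHP itself. It is plain PHP with no framework dependency; the function names (sanitizeDestructively, validate, whitelist, escapeHtml) and the sample form submission are constructed for illustration. escapeHtml() does what CakePHP's h() view helper does (a wrapper around htmlspecialchars), and whitelist() does by hand what passing a field list to a model save() does.

```php
<?php
// Added example (not from the thread or from CakePHP): destructive input
// sanitizing versus validate-on-input, escape-on-output and field whitelisting.
// Plain PHP 7.4+, no framework; run with:  php sanitize_vs_validate.php

declare(strict_types=1);

// Constructed sample of a submitted form, as $_POST might look.
// "role" is a field the form never offered (a mass-assignment attempt).
$submitted = [
    'name' => "Conan O'Brien <conan@example.org>",
    'body' => "Use 1 < 2 && <b>bold</b>, see <script>alert(1)</script>",
    'role' => 'admin',
];

// 1. The Sanitize-style approach the replies warn against: strip tags and
//    quotes from every value. The apostrophe in the name and the bracketed
//    e-mail address are silently lost; the change is not reversible.
function sanitizeDestructively(array $data): array
{
    return array_map(
        fn($v): string => preg_replace("/[\"'<>]/", '', strip_tags((string) $v)),
        $data
    );
}

// 2. Validation: decide whether each value is acceptable, never alter it.
//    Returns the names of the fields that failed (empty array means valid).
function validate(array $data, array $rules): array
{
    $failed = [];
    foreach ($rules as $field => $rule) {
        if (!array_key_exists($field, $data) || !$rule((string) $data[$field])) {
            $failed[] = $field;
        }
    }
    return $failed;
}

// 3. Whitelisting: keep only the fields this form is allowed to set, so a
//    stray "role" key cannot reach the database.
function whitelist(array $data, array $allowedFields): array
{
    return array_intersect_key($data, array_flip($allowedFields));
}

// 4. Output escaping for an HTML body context, done at the point of use.
//    The stored text stays exactly what the user typed.
function escapeHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed rules: length limits only; content restrictions belong to the
// output context, not to the input.
$rules = [
    'name' => fn(string $v): bool => strlen($v) > 0 && strlen($v) <= 100,
    'body' => fn(string $v): bool => strlen($v) <= 2000,
];

// Destructive path: look at what happened to the name.
$mangled = sanitizeDestructively($submitted);
printf("Destructive sanitize turned the name into: %s\n", $mangled['name']);

// Recommended path: validate, whitelist, store verbatim, escape on output.
$failed = validate($submitted, $rules);
if ($failed !== []) {
    printf("Rejected, invalid fields: %s\n", implode(', ', $failed));
    exit(1);
}
$toStore = whitelist($submitted, array_keys($rules));
printf("Fields that would be saved: %s\n", implode(', ', array_keys($toStore)));
printf("Stored name, unchanged: %s\n", $toStore['name']);

// In the view: <script> becomes &lt;script&gt;, harmless in HTML, while the
// text still reads as the user wrote it.
printf("<p>%s</p>\n", escapeHtml($toStore['body']));
```

The same stored body would need a different escaper in a JavaScript or URL context; the point of escaping on output is that the context is known there, which is exactly what an input-time Sanitize pass cannot know.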
Greetings,
I am new to this community -- and to CakePHP itself. I have been testing a
long list of PHP frameworks (CodeIgniter, Laravel, Symfony, Yii) and find
myself really attracted to Cake because of the logic of how it works. It
just makes sense to me!
OK, for my actual questions on secur