On Mon, Oct 27, 2014 at 10:38 PM, Florian Krämer bur...@doomzone.de wrote:
I've turned the idea into an implementation. Proof of concept goes here:
https://github.com/burzum/cakephp/commit/9d8f6b4cb7653dd14130af68dbc632e9055d8d76
Cool! I will try this out...
Tarique
--
Like Us on
I've turned the idea into an implementation. Proof of concept goes
here:
https://github.com/burzum/cakephp/commit/9d8f6b4cb7653dd14130af68dbc632e9055d8d76
This will output the dirty fields as a list below the error message. I hope
this is going to make it into the core. :)
On Sunday, October
Florian... What a wonderful idea.
Just wish I understood all of Cake well enough to help implement. I've
fought with the Security Component many times and, although I've never
lost, it has created many headaches. Hope the Development team can add
this functionality during debugging.
--
oh, ok. fair enough if it doesn't know it can't tell me.
On 12 September 2014 12:32, mark_story mark.st...@gmail.com wrote:
One of the issues with the field hashing is that SecurityComponent doesn't
know what is wrong either. It just knows that the hash of the data does not
match what was
Mark wouldn't it be possible to keep track of these changes somehow via
debug kit? Save the original keys to session and then do the same
comparison with the data that the security component does but without the
hashing but an array diff instead?
On Friday, September 12, 2014 4:32:32 AM
One of the issues with the field hashing is that SecurityComponent doesn't
know what is wrong either. It just knows that the hash of the data does not
match what was generated in the past.
-Mark
On Monday, 8 September 2014 21:47:05 UTC-4, #2Will wrote:
I've got an app i have been maintaining
Don't use it if you think it is a mess and not real security.
You can implement secure forms yourself by using field whitelists and a
csrf token. I rarely use this component and I manage with those pretty fine
On Tuesday, September 9, 2014 3:47:05 AM UTC+2, #2Will wrote:
I've got an app i
I think my hacks to avoid black holes is a mess. I'm sure the component is
ace.
It does however give off a lot of false positives and looking round the
web, not just for me. With that in mind, it would be awesome if it was
more expressive about what triggered it.
Also, it's awkward
@Jose: good to know ... logical cause of the dropped table was someone
getting their hands on the database login credentials.
@Dakota: thanks, will keep an eye out for that, not that it's a factor in
this situation.
On Friday, June 13, 2014 4:52:22 AM UTC+1, Dakota wrote:
Just one thing to
No, the security component does not prevent you against that. There most be
some place where you are passing raw input into a query.
On Thursday, June 12, 2014 1:28:03 AM UTC+2, phpMagpie wrote:
Hi,
I've just launched a site for a client that had quite a big form in it
that people were
I personally do not think the site was the victim of an SQL Injection as I
am not passing any raw queries into the system anywhere. The more
realistic cause of the problem is I shared phpMyAdmin user details with the
client and they accidentally deleted the table themselves, or the login
As long as you are using the Model API and not passing raw strings of SQL
to it then you should be safe
On Thursday, June 12, 2014 12:56:10 PM UTC+2, phpMagpie wrote:
I personally do not think the site was the victim of an SQL Injection as I
am not passing any raw queries into the system
Just one thing to note is that the updateall method doesn't do all escaping.
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
CakePHP group.
To unsubscribe from
I thought it would more depend on how you are writing changes to the
database.
If you're going via the model, with ::create and ::save methods, then users
shouldn't be able to inject a truncate or drop. I say shouldn't
because that is my understanding of how it is supposed to work, but I've
Yeah, everything is done via Model::save() and your understanding is the
same as mine.
If anyone does know otherwise would be good to know.
Thanks, Paul.
On Thursday, 12 June 2014 01:17:12 UTC+1, Reuben wrote:
I thought it would more depend on how you are writing changes to the
database.
Check the Code
http://api.cakephp.org/2.4/source-class-SecurityComponent.html#322-338
Blackholing is nothing more than throwing a BadRequestException or
triggering a callback.
I would not use an exception in that place.
On Friday, December 27, 2013 7:37:24 PM UTC+1, advantage+ wrote:
Is
My solution is to receive the post via one action then redirect to the log in
action. Security::unlockedActions doesn't seem to work though (I must be doing
it wrong?); I have to check for the initial action and disable the Security
component. After the redirect the action is different, so the
Thanks, Jeremy. I think I'm going to opt for roughly the same thing. Use my
pushSSL() function - analogous to your __unforceSSL() - on all controllers
that don't require SSL, then use the switching style for those that do
require SSL.
It just seems weird to me that they have a function in
Can anyone help me out, here?
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others
with their CakePHP related questions.
To unsubscribe from this group, send email to
Here's how I did this on an app (this is 1.3 but I'd guess it'd be fairly easy
to transpose to 2.0 if needed).
In app_controller create a function:
function __requireSecure() {
... conditions to check
... return true if SSL is needed
...
Thanks Andy.
On 13 Oct 2011, at 14:38, AD7six wrote:
On Oct 13, 2:13 pm, Jeremy Burns jeremybu...@classoutfit.com wrote:
I'm developing a corporate application that'll be used as part of
people's day jobs. It is not unlikely that they will be in the middle
of something, lock up their PC
On Oct 13, 2:13 pm, Jeremy Burns jeremybu...@classoutfit.com wrote:
I'm developing a corporate application that'll be used as part of
people's day jobs. It is not unlikely that they will be in the middle
of something, lock up their PC and go home for the night. When they
come back in they'll
Thanks a lot Jens,
I think I'll model it this way. Perhaps using a small ajax popup which
contains the token instead of a new frame just asking if the record
should be deleted.
On 13 Aug., 13:03, Jens Dittrich jdittr...@gmail.com wrote:
No or it depends on what you want to happen when a delete
No or it depends on what you want to happen when a delete link is clicked.
No one forces you to commit a delete on a click on a link. As an example,
you could always display a page requesting a confirm for the delete request,
which could carry a token for that request. That way you could not
I was able to solve the first question myself:
In my controller actions I allways check if(this-data) before saving
or editing a record.
If variables are passed via get (harmfull link for example), $this-
data is empty and nothing harmfull can happen.
In other words, without using post method its
$this-Auth-allowedActions = array(); //will allow nothing
$this-Auth-allowedActions = array('login'); //only allow the action in the
array
These are set in the controller itself so you could specify just the 1
allowed action for that controller.
K
-Original Message-
From:
So I need in couple Auth and Security component?
On 6 Apr, 09:54, Krissy Masters naked.cake.ba...@gmail.com wrote:
$this-Auth-allowedActions = array(); //will allow nothing
$this-Auth-allowedActions = array('login'); //only allow the action in the
array
These are set in the controller
I don't need a complete mechanism of authentication.
I just want to protect every action with http basic and leave just one
action unprotected.
As soon add Auth component I should create users table and so on, and
I would avoid this.
On 6 Apr, 10:01, Mariano C. mariano.calan...@gmail.com wrote:
Correct
Auth is for User authentication (login / out)
Security for security of the forms basically
-Original Message-
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf
Of Mariano C.
Sent: Wednesday, April 06, 2011 5:32 AM
To: CakePHP
Subject: Re: Security
zero sense...have you read your own question?
-Original Message-
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf
Of Mariano C.
Sent: Wednesday, April 06, 2011 7:17 AM
To: CakePHP
Subject: Re: Security component and HTTP Basic Authentication
I don't need
] On Behalf
Of Mariano C.
Sent: Wednesday, April 06, 2011 7:17 AM
To: CakePHP
Subject: Re: Security component and HTTP Basic Authentication
I don't need a complete mechanism of authentication.
I just want to protect every action with http basic and leave just one
action unprotected.
As soon add
sorry man but who told you that security component and AJAX do not
work?
On Nov 8, 10:18 pm, Dave Maharaj m...@davemaharaj.com wrote:
Ok from what I have read using Security Component with AJAX request will not
work.
So I never added it to my app_controller, then today I decided lets see
will
and will not work.
Im simply sending forms ajax with jquery.form pluging
All my stuff works that’s why im wondering.
-Original Message-
From: robust solution [mailto:hussein_elhar...@yahoo.com]
Sent: November-09-10 4:36 AM
To: CakePHP
Subject: Re: Security Component
sorry man but who told you
: Re: Security Component
sorry man but who told you that security component and AJAX do not
work?
On Nov 8, 10:18 pm, Dave Maharaj m...@davemaharaj.com wrote:
Ok from what I have read using Security Component with AJAX request will
not
work.
So I never added it to my app_controller
Right on thanks for that bit.
I am not modifying any of the forms, simply AJAX submit.
But 1 thing that has me puzzled was I added Security component, used firebug
to edit the hash value, change a few field names / values and it still
submitted fine (no blackholes) so that where I was getting
Most of the time it will not validate and blackhole (throw a
whitepage), it was easiest to just disabled it in AJAX calls.
$this-Security-validatePost = false;
We dont need validation in AJAX anyways as we usually need some sort
of json response.
On Nov 8, 2:18 pm, Dave Maharaj
though.
Just curious is all.
Thanks,
Dave
-Original Message-
From: Miles J [mailto:mileswjohn...@gmail.com]
Sent: November-08-10 7:58 PM
To: CakePHP
Subject: Re: Security Component
Most of the time it will not validate and blackhole (throw a
whitepage), it was easiest to just disabled
: November-08-10 7:58 PM
To: CakePHP
Subject: Re: Security Component
Most of the time it will not validate and blackhole (throw a
whitepage), it was easiest to just disabled it in AJAX calls.
$this-Security-validatePost = false;
We dont need validation in AJAX anyways as we usually need some sort
i just spent an hour trying to debug a similar situation... i finally
noticed that i forgot to put echo $form-end() at the end of the
form...
On Sep 19, 1:22 am, Jeremy Burns | Class Outfit
jeremybu...@classoutfit.com wrote:
Yup - I know all this and if you read the post you'll see that I am
i always hated the security component for that
had similar issues some time ago.
debugging is almost impossible^^
at least in debug 0 it should not blackhole completely (but maybe
throw some errors or whatever)
if there is such an option i didnt find it yet
On 20 Okt., 22:43, austin
When using the Security Component you must use the FormHelper to
create your forms. The Security Component looks for certain indicators
that are created and managed by the FormHelper (especially those
created in create() and end()). Dynamically altering the fields that
are submitted in a POST
Yup - I know all this and if you read the post you'll see that I am using the
form helper and am not using javascript. My question was how do you debug an
issue with the Security component?.
Jeremy Burns
Class Outfit
jeremybu...@classoutfit.com
http://www.classoutfit.com
On 18 Sep 2010, at
if ($this-action == 'foobar') {
$this-Security-validatePost = false;
}
On Sep 16, 11:53 pm, Jeremy Burns jeremybu...@classoutfit.com wrote:
Is it possible to exclude a single controller action from the Security
component? At present I have $this-Security-validatePost = false; in
the
Perfect and so simple. I should have thought of that myself. Thanks.
Jeremy Burns
Class Outfit
jeremybu...@classoutfit.com
http://www.classoutfit.com
On 17 Sep 2010, at 17:58, Miles J wrote:
if ($this-action == 'foobar') {
$this-Security-validatePost = false;
}
On Sep 16, 11:53 pm,
Are you creating input fields without the form helper?
http://milesj.me/blog/read/43/Protecting-Your-Forms-With-The-Security-Component
On Sep 8, 8:03 am, Jeremy Burns jeremybu...@classoutfit.com wrote:
I have enabled the Security component in my app_controller and mostly
this works just fine.
Yup - all the way through. No java or funny stuff either.
Jeremy Burns
Class Outfit
jeremybu...@classoutfit.com
http://www.classoutfit.com
On 8 Sep 2010, at 18:20, Miles J wrote:
Are you creating input fields without the form helper?
A bit late though, but thanks!
On 11 jul, 03:48, nurvzy nur...@gmail.com wrote:
Set the security component to not validate that field.
http://book.cakephp.org/view/1297/Configuration
Hope that helps,
Nick
On Jul 10, 1:28 pm, Tomatosoup wiegersteenhui...@gmail.com wrote:
Hello,
I
Your welcome. :)
On Jul 30, 5:32 pm, Tomatosoup wiegersteenhui...@gmail.com wrote:
A bit late though, but thanks!
On 11 jul, 03:48, nurvzy nur...@gmail.com wrote:
Set the security component to not validate that field.
http://book.cakephp.org/view/1297/Configuration
Hope that helps,
Set the security component to not validate that field.
http://book.cakephp.org/view/1297/Configuration
Hope that helps,
Nick
On Jul 10, 1:28 pm, Tomatosoup wiegersteenhui...@gmail.com wrote:
Hello,
I use the Security component, but one (kind of custom) form gets
invalidated.
Is there some
I did manage to solve it and directly after I had posted this! I
retained the ...
echo $form-create('Product', array('action'='edit/'.$this-data
['Product']['id'])); on list.ctp.
I changed the link on edit.ctp to a verbose link without the id
i.e. $form-create('Product', array('action'='edit')).
I may be wrong in this, but im pretty sure the requirePost() is only
supposed to be used once. It should only be used on the initial
request of the page, not subsequently after.
Why would you have that page require a post to access? And not just
turn it back to a link? It doesn't solve any
Yes the security component adds a hidden token/timer within the forms.
Their is a time limit that black holes if you sit on the page too
long. Not sure if you can configure it. Try doing a search within the
Security component.
On Jan 18, 8:43 pm, Stinkbug justink...@gmail.com wrote:
Just
Just checking to see if anyone has any recommendations on this before
I start implementing something myself.
On Dec 16 2009, 10:49 pm, Stinkbug justink...@gmail.com wrote:
I've been using the security component for quite some time, but there
is one issue that I've never been able to figure out
Dump our beforeFilter (AppController and UsersController)
On Dec 1, 6:20 pm, designv...@gmail.com designv...@gmail.com
wrote:
Hi all,
I have the Security component enabled in my users controller and its
adding the tokens into my register form and I am viewing it via HTTPS,
however the form
I looked at this
http://www.milesj.me/blog/read/43/Protecting-Your-Forms-With-The-Security-Component
and I added $this-Security-validatePost = false; to the
beforefilter action of each controller and everything seems to work
fine. I still get https enforced which is good through requireSecure
Hi,
did you ever solved this issue or got any response? I seems I have the same
problem..
Greets,
mark
VoiDeT wrote:
Hey Everyone!
I am struggling to write a file upload here. I have the security
component enabled in my app_controller and as soon as i place a $form-
file() in the form
Do not use $form-file(), thats your problem. Also do not ever use
select(), radio(), checkbox(), etc, you must use input().
$form-input('file', array('type' = 'file'));
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
Hi,
majna wrote:
https://svn.cakephp.org/repo/trunk/cake/1.1.x.x/
if you need zip version, email me.
On Aug 19, 4:26 pm, andphe and...@gmail.com wrote:
I would like to try the latest 1.1 release of cakePHP but it seems
that is not possible to download it from the cake forge, is there any
https://svn.cakephp.org/repo/trunk/cake/1.1.x.x/
if you need zip version, email me.
On Aug 19, 4:26 pm, andphe and...@gmail.com wrote:
Hi there,
I have a website running a old version of cakePHP (1.1.19.6305), the
fact is that the security component blackhole some legitimate
requests, I
To: CakePHP
Subject: Re: Security Component and AJAX
Hi, I'm just buttin in with a quick question. Something for you to check.
There is no other ajax request after the page loads and before the form is
posted? If so then this will also cause problems for SecurityComponent since
the token
Hi, I'm just buttin in with a quick question. Something for you to
check.
There is no other ajax request after the page loads and before the
form is posted? If so then this will also cause problems for
SecurityComponent since the token will be old.
/Martin
On Jun 3, 7:20 am, Miles J
-save($this-data, true,
array_keys($this-User-$join_table-schema(;
-Original Message-
From: Miles J [mailto:mileswjohn...@gmail.com]
Sent: June-03-09 2:50 AM
To: CakePHP
Subject: Re: Security Component and AJAX
At /joesmith/update/systems/, if you can debug the data you should be able
fade in the users profile.
Dave
-Original Message-
From: Martin Westin [mailto:martin.westin...@gmail.com]
Sent: June-03-09 9:09 AM
To: CakePHP
Subject: Re: Security Component and AJAX
Hi, I'm just buttin in with a quick question. Something for you to check.
There is no other ajax
Security component does not work in conjunction with Ajax.
If all your ajax requests are in a controller called Ajax, simply
place this in the beforeFilter().
/**
* Executed before each action
*/
function beforeFilter() {
parent::beforeFilter();
// Turn debug off for ajax calls
,
Dave
-Original Message-
From: Miles J [mailto:mileswjohn...@gmail.com]
Sent: June-02-09 10:51 PM
To: CakePHP
Subject: Re: Security Component and AJAX
Security component does not work in conjunction with Ajax.
If all your ajax requests are in a controller called Ajax, simply place
On Tue, Jun 2, 2009 at 9:37 PM, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
My Ajax functions are in different controllers but I added
function beforeFilter()
{
parent::beforeFilter();
if ($this-params['action'] == 'update_systems')
-php@googlegroups.com
Subject: Re: Security Component and AJAX
On Tue, Jun 2, 2009 at 9:37 PM, Dave Maharaj :: WidePixels.com
d...@widepixels.com wrote:
My Ajax functions are in different controllers but I added
function beforeFilter()
{
parent::beforeFilter
Can I see your js ajax code.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
()
{$(this).fadeOut(slow)}
});
return false; // -- important!
});
});
-Original Message-
From: Miles J [mailto:mileswjohn...@gmail.com]
Sent: June-03-09 12:53 AM
To: CakePHP
Subject: Re: Security Component and AJAX
Can I see your js ajax code
If you are doing it that way, theres no possible way for your data to
show up in $this-data. Your ajax fields need to be wrapped in data[],
else it should show up in $this-params['form'].
--~--~-~--~~~---~--~~
You received this message because you are subscribed to
J [mailto:mileswjohn...@gmail.com]
Sent: June-03-09 1:19 AM
To: CakePHP
Subject: Re: Security Component and AJAX
If you are doing it that way, theres no possible way for your data to show
up in $this-data. Your ajax fields need to be wrapped in data[], else it
should show up in $this-params['form
Actually nvm I think I read it wrong.
Whats the content passed during the ajax request (find it with
Firebug).
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to
...@gmail.com]
Sent: June-03-09 1:37 AM
To: CakePHP
Subject: Re: Security Component and AJAX
Actually nvm I think I read it wrong.
Whats the content passed during the ajax request (find it with Firebug).
--~--~-~--~~~---~--~~
You received this message because you
At /joesmith/update/systems/, if you can debug the data you should be
able to save it. What exactly happens, a white page?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send
SecurityComponent does not do much for Ajax requests. At least not in
that way.
I use $this-Post-del($id) less and less. Instead I use deleteAll() in
this way:
$this-Post-deleteAll(array(
'Post.id' = $id,
'Post.author_id'=$auth_user_id
),true,true);
This will ensure that a user can only
That's a handy solution, thanks for sharing, Martin.
On Apr 21, 7:27 am, Martin Westin martin.westin...@gmail.com wrote:
SecurityComponent does not do much for Ajax requests. At least not in
that way.
I use $this-Post-del($id) less and less. Instead I use deleteAll() in
this way:
It also seems any post I make normally just goes to a white page. This
security component is quite confusing.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to
Thanks that worked. But now im trying to blackhole a non ajax request,
and this doesnt seem to work either.
if (!$this-RequestHandler-isAjax()) {
$this-Security-blackHole($this, 'You are not authorized to process
this request!');
}
How exactly can I tell if the blackhole works, if I just get a
Looking at the Security component source, you need to override the
validatePost value in SecurityComponent. The following is untested code,
but I think it should work.
function beforeFilter() {
if ($this-action == 'your_action') {
$this-Security-validatePost = false;
}
anyone?
On 31 Jan., 11:52, Aurelius aurel...@temporaryinbox.com wrote:
When I use the form-Helper and the security-component, do I have to
check if the user changes the value of hidden fields (like id, and
foreign keys like author_id) or do the security-component auto-check
that through the
As far as I know the SecurityComponent checks for hidden fields.
But you could try it out using Firebug. ;-)
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
CakePHP group.
To post to this group, send email to
If it helps, I'm running a Linux server with Ubuntu. Apache set up as
virtual hosts. So it may be a config issues there, but my doc root is
set correct on my 443 VH.
On Nov 7, 12:43 pm, rgreenphotodesign [EMAIL PROTECTED]
wrote:
Hi All,
I'm working on implementing the security component for
Problem solved, server config issue.
Now for the real question!! Is what I've done the best practice???
Thanks!!
On Nov 7, 1:02 pm, rgreenphotodesign [EMAIL PROTECTED]
wrote:
If it helps, I'm running a Linux server with Ubuntu. Apache set up as
virtual hosts. So it may be a config issues
Ok thanks! I thought I could use it so I don't have the password
stored in plain text. I guess it just protects the password in
transit.
On a shared host I don't like to store the passwords in plain text.
I'll just switch to auth or so...
:jc
On Oct 23, 3:00 pm, nate [EMAIL PROTECTED] wrote:
You actually have to give it the password in plaintext as well in
order for it to generate the necessary hash data.
On Oct 23, 1:57 am, jcsiegrist [EMAIL PROTECTED] wrote:
Hi everyone,
I'm trying to use the Security HTTP authentication features. While I
can get basic authentication to work,
What's the security difference between GET and POST. This has nothing
to do with security.
Semantically and for the sake of REST: If you use a form to retrieve
something from your application, it may even more make sense to use a
GET. On the other hand if you change something (add/update) with
On 8/14/07, teemow [EMAIL PROTECTED] wrote:
What's the security difference between GET and POST. This has nothing
to do with security.
My fault for not fully explaining myself. You are correct that GET
and POST have nothing to do with security.
Semantically and for the sake of REST: If you
I admit that there are very few use cases, but there is one already
mentioned by sergerod: searches. Have a look at google's search box.
On 8/14/07, Chris Hartjes [EMAIL PROTECTED] wrote:
On 8/14/07, teemow [EMAIL PROTECTED] wrote:
What's the security difference between GET and POST. This
On 8/14/07, Timo Derstappen [EMAIL PROTECTED] wrote:
I admit that there are very few use cases, but there is one already
mentioned by sergerod: searches. Have a look at google's search box.
So because Google uses a GET form for doing searches, that is somehow
the accepted way to do it? The
probably to make searches linkable.
On 8/14/07, Chris Hartjes [EMAIL PROTECTED] wrote:
On 8/14/07, Timo Derstappen [EMAIL PROTECTED] wrote:
I admit that there are very few use cases, but there is one already
mentioned by sergerod: searches. Have a look at google's search box.
So
On 8/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
A small request for developers of Security component. :-) Please make
an ability to switch off form data validation and autocreation of
hidden '__Token' fields when using Security and form/ajax helper in
Cake 1.2.
I know about
I use these forms to make a custom filters or searches.
On Aug 13, 4:09 pm, Chris Hartjes [EMAIL PROTECTED] wrote:
On 8/13/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
A small request for developers of Security component. :-) Please make
an ability to switch off form data validation
I perfectly agree that the Security Component is doing its job and I
do understand what requirePost and requireAuth purpose is for.
However, in case like users registration page, you would want to have
requireAuth and requirePost only after the form is submitted not prior
to form submission. My
On Jun 18, 12:19 pm, Ketan Patel [EMAIL PROTECTED] wrote:
I perfectly agree that the Security Component is doing its job and I
do understand what requirePost and requireAuth purpose is for.
Again, I really don't think you do. : /
However, in case like users registration page, you would want
I responded to your ticket: https://trac.cakephp.org/ticket/2783
On Jun 17, 10:15 pm, Ketan Patel [EMAIL PROTECTED] wrote:
I have made a request for enhancements to Security Component
athttps://trac.cakephp.org/ticket/2783... The details are below and I
would like some open discussion on
Sounds like a possible solution. Open an Enhancement ticket at
https://trac.cakephp.org/
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake
PHP group.
To post to this group, send email to
96 matches
Mail list logo