Normally you have a user object stored in the session that's used to
authenticate. Just include that in any query that needs to be locked
down to a specific user.
On Sun, Jul 20, 2008 at 3:22 PM, <[EMAIL PROTECTED]> wrote:
>
> I searched the archives of this group and never found an answer to
>
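The approach described in the message above, as an added example that is not part of the original thread: plain PHP with PDO and an in-memory SQLite database rather than CakePHP's model layer. The `records` table, the `User.id` session key and both function names are assumptions made for the illustration.

```php
<?php
// Added example: constructed schema and data, not taken from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, body TEXT)');
$db->exec("INSERT INTO records (id, user_id, body) VALUES (5, 1, 'alice record'), (6, 2, 'bob record')");

// Unscoped lookup: trusts the id taken from the URL, so any logged-in user
// who changes /mycontroller/5 to /mycontroller/6 receives someone else's row.
function viewUnscoped(PDO $db, $id) {
    $stmt = $db->prepare('SELECT id, body FROM records WHERE id = ?');
    $stmt->execute(array((int) $id));
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Scoped lookup: the owner id is read from the server-side session, never
// from the request, and is part of the WHERE clause. A row owned by another
// user is indistinguishable from a row that does not exist.
function viewScoped(PDO $db, array $session, $id) {
    if (empty($session['User']['id'])) {
        return false; // not authenticated: nothing to scope the query to
    }
    $stmt = $db->prepare('SELECT id, body FROM records WHERE id = ? AND user_id = ?');
    $stmt->execute(array((int) $id, (int) $session['User']['id']));
    return $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches
}

// Stands in for the session contents after user 1 has logged in (assumption).
$session = array('User' => array('id' => 1));

foreach (array(5, 6) as $id) {
    $unscoped = viewUnscoped($db, $id);
    $scoped = viewScoped($db, $session, $id);
    printf("id=%d unscoped=%s scoped=%s\n", $id,
        $unscoped ? $unscoped['body'] : '404',
        $scoped ? $scoped['body'] : '404');
}
```

Returning the same "not found" result for a missing row and a row owned by someone else avoids confirming which ids exist.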
This is a common web app issue. The same problem exists with form
input - if you have a drop-down in your form with the values 'A', 'B'
and 'C' - that doesn't actually stop a user from sending you 'D', it
just makes it (very) hard for technically naive users to do so.
What you want to do is check
Encrypting URLs doesn't make a lot of sense to me (in most cases) -
there are of course exceptions like creating temporary URLs. There
are a few reasons why:
- adding hash crap into your URLs isn't a smart SEO move
- if it's a GET URL, it should be readable. Readable means short
...and you NEE
Maybe this will help you:
http://bakery.cakephp.org/articles/view/encrypting-urls
I searched the archives of this group and never found an answer to
this question.
Suppose I have a page that is accessed via the URL
http://www.mydomain.com/mycontroller/5
There is nothing to stop a user from changing the URL to
http://www.mydomain.com/mycontroller/6
and viewing a different record
I have done something about this (a while ago) and maybe not up to
date with 1.2 RC2.
Check about SecureGet on bakery.
hth
On Jul 21, 6:24 am, "Jonathan Snook" <[EMAIL PROTECTED]> wrote:
> Normally you have a user object stored in the session that's used to
> authenticate. Just include that in an