Re: Security Question

2013-03-14 Thread lowpass
On Wed, Mar 13, 2013 at 10:19 PM, Advantage+ wrote: > When I logout of my site it redirects me to /login. > > If I then hit login (nothing entered in user / pass) I get black-holed. > > The requested address '/login' was not found on this server. > > > > Why is that? It should just show the errors

Security Question

2013-03-13 Thread Advantage+
When I logout of my site it redirects me to /login. If I then hit login (nothing entered in user / pass) I get black-holed. The requested address '/login' was not found on this server. Why is that? It should just show the errors "Invalid User / Pass" Or validation errors. Not black hole the w

Re: Security question

2011-01-25 Thread Larry E. Masters
Welcome. You might want to look at this plugin on github too, it might save you some time. https://github.com/CakeDC/users -- Larry E. Masters On Tue, Jan 25, 2011 at 3:32 PM, Dave Maharaj wrote: > Thanks. That’s all I needed to know :)

RE: Security question

2011-01-25 Thread Dave Maharaj
Thanks. That's all I needed to know :)

Re: Security question

2011-01-25 Thread Larry E. Masters
M > *To:* cake-php@googlegroups.com > *Subject:* Re: Security question > > > > Why do you think this be more "secure"? > > > > -- > > Larry E. Masters > > > > On Tue, Jan 25, 2011 at 3:13 PM, Dave Maharaj wrote: > > Security as in secure no

RE: Security question

2011-01-25 Thread Dave Maharaj
I do not think if it is or is not. Hence the question. From: Larry E. Masters [mailto:php...@gmail.com] Sent: Tuesday, January 25, 2011 5:49 PM To: cake-php@googlegroups.com Subject: Re: Security question Why do you think this be more "secure"? -- Larry E. Masters On T

Re: Security question

2011-01-25 Thread Larry E. Masters
Why do you think this be more "secure"? -- Larry E. Masters On Tue, Jan 25, 2011 at 3:13 PM, Dave Maharaj wrote: > Security as in secure not the Security component to not confuse anyone. > > > > Is it better / more secure / better practise to have a table with > “password” information only ,

Security question

2011-01-25 Thread Dave Maharaj
Security as in secure not the Security component to not confuse anyone. Is it better / more secure / better practise to have a table with "password" information only ,with fields like user_id, reset_token, question, answer, password, email, attempts and keep plain text (firstname, lastname, s

Security Question

2009-11-14 Thread Dave
I am trying to figure out the best way to sanitize and clean data and have it safe, readable and as easy as possible. In my controller I have: $clean = new Sanitize(); $this->data = $clean->clean($this->data); Basic simple clean method. But if a user enters

RE: Security Question

2009-08-06 Thread Dave Maharaj :: WidePixels.com
Thanks for your insight. Dave -----Original Message----- From: Miles J [mailto:mileswjohn...@gmail.com] Sent: August-06-09 6:04 PM To: CakePHP Subject: Re: Security Question I don't see anything wrong with it, it's pretty much a typical action setup

Re: Security Question

2009-08-06 Thread Miles J
I don't see anything wrong with it, it's pretty much a typical action setup.

Security Question

2009-08-06 Thread Dave Maharaj :: WidePixels.com
I have this function and was wondering what are the security holes by doing it this way? I am not passing any variables so I do not need to check if this $someVariable = this->Auth. You have to be logged in, all the info is pulled from the Auth->User->('id') I could use function personal(

Re: Security question

2009-07-13 Thread Richard
Hi Dave, In terms of security, my opinion is that your concern should be with how the data is protected rather than the profiles a person can have. I was responsible for the architecture of a major real estate application and we implemented it in a similar way that you mentioned. Each user had "pr

Security question

2009-07-12 Thread Dave Maharaj :: WidePixels.com
What would be the security holes to watch for in a situation like this? Everyone who registers is a user. User is then broken up into one of 2 groups depending on what role they select (think of a real estate site where you may be looking for a home or selling so you're either a buyer or seller)

Re: Security question

2009-05-21 Thread jperras
If you're not modifying form fields with javascript, AJAX form submissions should have no impact on the use of the Security component and its ability to prevent CSRF attacks. -j. On May 20, 11:22 pm, "Dave Maharaj :: WidePixels.com" wrote: > I am trying to break my application. > > How can I t

Security question

2009-05-20 Thread Dave Maharaj :: WidePixels.com
I am trying to break my application. How can I tell if a logged in user is trying to do the same by using firebug and adding a form to a page? I don't want to just sanitize and all of that... I want to know and ban that specific user. What would be the best approach to determine if a user is tryin

Re: where to start - basic security question?

2009-01-13 Thread SethA
I think I should clarify. I think Adam correctly understood what I was trying to get at. For further context, look at the blog example code and how they use the HTML helper to craft the links to actions like deleting posts, creating posts, etc. So you get a delete link that when you hover you see

Re: where to start - basic security question?

2009-01-13 Thread soosa
If you don't like the default {controller/action/params} shape then CakePHP accepts your own custom URLs by using URL Routes, check this out "Custom URLs from the Site Root". Moreover, having controller name, action, and para

Re: where to start - basic security question?

2009-01-13 Thread Adam Royle
Yes, I would say most people use the controller/action/params type urls. Most people's thoughts about passing the action through a POST instead of a GET to make it more secure are moot. You can fake (and modify variables) in a POST request just as easily as you can with GET. Your post indicates th

Re: where to start - basic security question?

2009-01-12 Thread Miles J
You can simply allow/deny users from viewing certain actions depending on their user/login status. http://book.cakephp.org/view/172/Authentication http://book.cakephp.org/view/175/Security-Component

where to start - basic security question?

2009-01-12 Thread SethA
I'm new to all this. It all started with a desire on my part to start building some PHP based apps on my own time. I'm not a programmer by trade, so try to be understanding with me :). After months of [part time] googling, I've become familiar (somewhat) with MVC, why it is important, frameworks,

Re: Security question: AuthComponent and passwords

2008-10-12 Thread [EMAIL PROTECTED]
In RC3 I've a big problem with auth component ;< On 12 Oct, 19:00, "Bernhard J. M. Grün" <[EMAIL PROTECTED]> wrote: > Hi! > > Thanks for your response. > I already know that Security::hash() is used to generate the hash. But the > problem is that the hash is insecure (for passwords) in my eyes. Th

Re: Security question: AuthComponent and passwords

2008-10-12 Thread Bernhard J. M. Grün
Hi! Thanks for your response. I already know that Security::hash() is used to generate the hash. But the problem is that the hash is insecure (for passwords) in my eyes. The reason is that two passwords encrypt to the same hash (given the secret salt is the same which is the case). -- Bernhard J.

Re: Security question: AuthComponent and passwords

2008-10-12 Thread [EMAIL PROTECTED]
http://api.cakephp.org/class_auth_component.html#216d4deefcd62ffeac5d9334b9cc2614 On Oct 11, 5:24 am, "Bernhard J. M. Grün" <[EMAIL PROTECTED]> wrote: > Hi! > > Is it correct that the passwords created with the help of the AuthComponent > are not public hashed (i.e. only secret hashed)? At least

Security question: AuthComponent and passwords

2008-10-11 Thread Bernhard J. M. Grün
Hi! Is it correct that the passwords created with the help of the AuthComponent are not public hashed (i.e. only secret hashed)? At least in my test app it seems to be like that. If so this is a major security hole. Example: User Alice has password "test": 2dd357c503a6812e276096a306cca02852cc1e4f

Custom Validate for search - security question

2007-11-25 Thread cronet
Hi, I'm performing a search the following way function searchform() { // Displays searchform } function search_redirect() { // redirect to get values $this->redirect("/results/".$this->data['Search']['searchvalue1']."/". $this->data['Search']['searchvalue2']."/".$this->d

Re: Security question

2007-06-30 Thread Riky Kurniawan
On 6/30/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > Hi there, > > A newbie question, so sorry if this is easy. I had a look through the > forum and didn't see the answer. > > I have an area on my app where the user votes by clicking on an > image. Via AJAX, this updates a DIV with stat

Re: Security question

2007-06-30 Thread francky06l
You can indeed make a form, but a "post" can also be tricked. This thread shows some solutions about this, especially the GET with some hashing MD5: http://groups.google.com/group/cake-php/browse_thread/thread/76dfe9536d8a761e/2713f28a4995c203?lnk=gst&q=delete+get+method&rnum=10#2713f28a4995c203

Security question

2007-06-30 Thread [EMAIL PROTECTED]
Hi there, A newbie question, so sorry if this is easy. I had a look through the forum and didn't see the answer. I have an area on my app where the user votes by clicking on an image. Via AJAX, this updates a DIV with stats elsewhere on the page. The link looks like this: http://domain.com/c