Would you share your solution?
I would suspect one way to go about doing it is keeping the current ID
in the session (as a flash variable) and comparing it upon post.
On Sep 2, 7:03 pm, Jeremy Thomerson jeremythomer...@gmail.com wrote:
Yeah - but it's better to have both kinds of security. The
Hi Jeremy,
Those Symfony / Propel generated forms are basic with no security. You
will need to secure them based on the requirements of your project.
You don't secure a record from unauthorized access by obscuring the
ID, you actually have to check to make sure that a user is allowed to
access
Yeah - but it's better to have both kinds of security. The validation that
the same ID is coming back in is simple and can be generically added to all
Propel forms from a single place. That makes securing it with business
logic easier, because you don't have to worry about invalid IDs. I