Okay, let me see if I can take this one thing at a time. First of all, there are ways to ensure that POST data only comes from within your application. You can use the requireAuth method of the Security component (http://manual.cakephp.org/chapter/security). However, using client-side scripting, a malicious user could theoretically still inject additional form fields into the POST data.
This is where the $fieldList parameter of Model::save( ) comes in. And as far as your last question, the answer is no: A model's save operation cannot affect any other tables (except for HABTM join tables), only the table that the model itself is tied to. Using the above techniques, if you code your app securely, you shouldn't have any issues.
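The injected-form-field case from the message above, as an added sketch that is not part of the original post and is not CakePHP's own code. `SketchModel` is a hypothetical stand-in that mimics only the `save($data, $validate, $fieldList)` argument order, and the POST data and column names are constructed.

```php
<?php
// Hypothetical stand-in for a model tied to one table; NOT CakePHP's Model class.
// It mimics only the save($data, $validate, $fieldList) argument order.
class SketchModel
{
    public $name;               // model alias used as the key in the POST array
    public $columns;            // columns of the one table this model is tied to
    public $written = array();  // what the last save() would have written

    public function __construct($name, array $columns)
    {
        $this->name = $name;
        $this->columns = $columns;
    }

    // $validate is accepted for signature parity only; this sketch does not validate.
    public function save(array $data, $validate = true, array $fieldList = array())
    {
        $row = isset($data[$this->name]) ? $data[$this->name] : array();
        // Assumption of this sketch: only columns of the model's own table are writable.
        $row = array_intersect_key($row, array_flip($this->columns));
        // A non-empty $fieldList narrows the write to the fields the form may edit.
        if (!empty($fieldList)) {
            $row = array_intersect_key($row, array_flip($fieldList));
        }
        $this->written = $row;
        return !empty($row);
    }
}

// Constructed POST data: a profile form with an extra "role" field injected client-side.
$post = array('User' => array(
    'email' => 'alice@example.test',
    'bio'   => 'hello',
    'role'  => 'admin',
));

$user = new SketchModel('User', array('id', 'email', 'bio', 'role'));

$user->save($post);  // no whitelist: every posted column is accepted
echo "without fieldList: ", implode(',', array_keys($user->written)), "\n";

$user->save($post, true, array('email', 'bio'));  // whitelist: "role" is dropped
echo "with fieldList:    ", implode(',', array_keys($user->written)), "\n";
```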
