Ok, basically you shouldn't be as afraid of script kiddie attacks with
CakePHP as you should be when using systems like Drupal, Typo3, Joomla,
etc. Those people like to use Google to find vulnerable sites, and since CakePHP
doesn't leave much of a typical HTML signature, it's a little difficult to find sites
powered by CakePHP. Having said that, you should avoid displaying and especially
linking to "Missing Controller"/etc. pages in a production site, since those can
easily be found via Google.

The stuff above is what I would call a mass attack without a specific target. Now
when somebody really wants to crack your site in particular, your best protection
is to maintain some request logs showing untypical behavior (URLs with ?*.php or
'..', etc. as well as javascript commands). Other than that, most problems will be
related to your own code, and there is no way to write 100% & totally safe code.
Try to be thoughtful when writing the code, invest some time in trying to hack it from
the outside, but other than that just hope for the best. The chances are low that a low
traffic CakePHP site will be a victim of hacks, but for bigger sites you should try
to apply some of the strategies above.

Oh, and keep in mind that I'm no expert in security at all. Those are just some strategies
I would consider to implement when focusing on security.

Best Regards,
Felix Geisendörfer


[EMAIL PROTECTED] wrote:
Is there any chance that the security expert would be willing to put
together a brief overview of security concerns within Cake? I get
overwhelmed with the number and variety of exploits and exploiters out
there now. Everywhere I look there seems to be a chink in the armor of
every online system.

In short, what do I need to know before putting up a Cake-based page
for public access? I've been thinking of putting up one of my pages as
(what I think is) a nice example of search, but I'm not sure if I can
do that without exposing my ISP to an attack.

Regards,

Clueless in Cleveland
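
The request-log review suggested in the reply above (URLs containing '..', a .php reference in the query string, or script/javascript content), as an added example that is not part of the original email or of CakePHP. It assumes an Apache-style common log format; the rule names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

TRAVERSAL = re.compile(r"\.\.(?:[/\\]|$)")             # '..' used as a path segment
PHP_REF = re.compile(r"\.php\b", re.I)                 # applied to the query string only
SCRIPT = re.compile(r"<\s*script|javascript:", re.I)   # script markup or javascript: URLs

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return the reasons a request target looks atypical (empty list if none)."""
    raw_path, _, raw_query = target.partition("?")
    path, query = fully_decode(raw_path), fully_decode(raw_query)
    reasons = []
    if TRAVERSAL.search(path) or TRAVERSAL.search(query):
        reasons.append("path-traversal")
    if PHP_REF.search(query):
        reasons.append("php-in-query")
    if SCRIPT.search(path) or SCRIPT.search(query):
        reasons.append("script-in-url")
    return reasons

def scan(lines):
    """Return (client, status, target, reasons) for every flagged log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reasons := classify(m.group(2))):
            hits.append((m.group(1), int(m.group(3)), m.group(2), reasons))
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:01:02 +0000] "GET /posts/view/12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2000:10:01:09 +0000] "GET /pages/display?page=http://files.example/x.php HTTP/1.1" 404 312',
    '198.51.100.7 - - [01/Jan/2000:10:01:11 +0000] "GET /img/%252e%252e/%252e%252e/secret.txt HTTP/1.1" 404 312',
    '203.0.113.5 - - [01/Jan/2000:10:02:30 +0000] "GET /posts/search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 (the last sample line) deserves a closer look than one that returned 404, since the application actually served it.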




  
