Dave wrote:
> > Also, check out the MySecurity component which prevents calling methods
> > of the controller base class:
> > http://rossoft.wordpress.com/2006/08/23/mysecurity-component/
>
> Otherwise, users can call methods of the controller base class? What
> degree of security problem does that create?

You could call things like /accounts/render/update or whatever and thereby execute code used in the view. I'm not familiar with all available methods in the base class, but there's bound to be one or more that could pose a security threat if called directly. If not now, then maybe in a future Cake version.
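
The concern raised in this reply, seen from the dispatcher's side, as an added example (not CakePHP code and not the MySecurity component): a URL action is dispatched only when it names a public method declared below the base controller class. `BaseController`, `AccountsController` and `isDispatchable()` are hypothetical names used for illustration.

```php
<?php
// Added illustration. BaseController stands in for a framework base class whose
// public helpers (render, redirect) are meant for internal use, not for URLs.
class BaseController
{
    public function render($view = null) { return "rendered " . $view; }
    public function redirect($url = null) { return "redirect to " . $url; }
}

class AccountsController extends BaseController
{
    public function index() { return "account list"; }
    public function update($id = null) { return "updated " . $id; }
    protected function audit() { return "internal only"; }
}

// Returns true only for actions a URL may reach.
function isDispatchable(object $controller, string $action, string $baseClass): bool
{
    // PHP method names are case-insensitive, so /accounts/RENDER resolves to
    // render(); method_exists() and ReflectionMethod both follow that rule.
    if (!method_exists($controller, $action)) {
        return false;
    }
    $method = new ReflectionMethod($controller, $action);
    if (!$method->isPublic() || $method->isStatic() || $method->isConstructor()) {
        return false;
    }
    // Reject anything declared in the base class itself. A method the concrete
    // controller overrides counts as declared there and stays reachable, so
    // overriding a base helper publishes it again.
    return $method->getDeclaringClass()->isSubclassOf($baseClass);
}

// Constructed sample actions, as they would be parsed from /accounts/<action>.
$controller = new AccountsController();
foreach (['index', 'update', 'render', 'REDIRECT', 'audit', 'missing'] as $action) {
    $verdict = isDispatchable($controller, $action, BaseController::class)
        ? 'dispatch'
        : 'refuse';
    echo str_pad($action, 10), $verdict, PHP_EOL;
}
```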
