Hi everybody,

I'm pretty sure this must have been answered somewhere. However, I
wasn't able to find an answer yet. I have two questions regarding the
security component.

1. Authentication tokens seem to be checked by the security
component only if data is passed via post. I assume this since my
delete action is performed through a delete link even if the action is
protected by the security component. This makes the security component
useless for CSRF without the use of security->requirePost(). Am I
right with this?

2. It's obvious that my "add/edit" links are not working if using
requirePost('add','edit'). I could solve this by adding
requirePost('add','edit') only if data is submitted by the user like
this:

in beforeFilter:
// only require POST for add/edit when the request carries form data
if ($this->data) {
    $this->Security->requirePost('add', 'edit');
}

But how do I handle the delete links? Do I have to replace all of them
with small forms which contain the authentication token?

Thanks for your help...

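The check the post asks about, modelled in plain PHP as an added example (not part of the original post and not CakePHP's own code): state-changing actions are refused unless they arrive by POST with the session's token, and the delete link becomes a small form carrying that token. The function names, the `csrf_token` field and the `/posts/delete/` URL are assumptions made for the illustration.

```php
<?php
// Added illustration in plain PHP; every name here is hypothetical.

// Actions that change state and must never run from a plain link (GET).
const STATE_CHANGING = ['add', 'edit', 'delete'];

function issueToken(array &$session): string
{
    // One random token per session, embedded in every form as a hidden field.
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

function isAllowed(string $method, string $action, array $post, array $session): bool
{
    if (!in_array($action, STATE_CHANGING, true)) {
        return true; // read-only actions (index, view) need no token
    }
    if ($method !== 'POST') {
        return false; // a plain link issues GET, which carries no token: refuse
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Constant-time comparison; a missing or empty token never matches.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

function deleteForm(int $id, string $token): string
{
    // The "small form" that replaces a delete link.
    return sprintf(
        '<form method="post" action="/posts/delete/%d">'
        . '<input type="hidden" name="csrf_token" value="%s">'
        . '<button type="submit">Delete</button></form>',
        $id,
        htmlspecialchars($token, ENT_QUOTES)
    );
}

// Constructed sample requests: a delete link, a forged POST, a real form submit.
$session = [];
$token = issueToken($session);
var_dump(isAllowed('GET', 'delete', [], $session));
var_dump(isAllowed('POST', 'delete', ['csrf_token' => 'guess'], $session));
var_dump(isAllowed('POST', 'delete', ['csrf_token' => $token], $session));
echo deleteForm(7, $token), "\n";
```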