1.) The Auth component is safe. It uses a salted SHA1 encrypted pw by default. It auto-escapes the fields already, so you don't have to bother with it. Just use SSL to encrypt the connection to sensitive parts of the application to be on the (very) safe side.

2.) Well, if you use the Apache web server, and you configured it correctly to write the access.log file, you got everything you need there. (Other web servers have this feature too.)

Kind regards
Thomas

On 09.09.2011 16:44, Miloš Vučinić wrote:
Hi,
I have two questions and I hope someone can help me.

I am making an application which needs to be relatively safe. So here are
the questions I have for you:

1. I am using the Auth component from CakePHP, but I cannot escape the
login fields because the login component works by itself and I cannot
edit its code. I am wondering whether it is SQL injection safe, and are there
any possible problems with it regarding security?

2. I need to log every HTTP request made to my website (so that if
someone tries to hack the web site, I have info about their IP
address and what exactly they tried to do). I need the exact link which
was typed and the IP address of the computer which made the request. A whole
HTTP request would be nice, but at least these two. Is there any way to
do this (like a pre-built component), or where in my source code
should I place the code for this?

Thank you,
all the best

  Milos

