> > Security is the responsibility of the PROGRAMMER, not the framework.
> The best security features are not worth anything if you don't use
> them properly.
>
> All the common security problems like XSS, cross-domain scripting and
> SQL injection are easily solved by the programmer. Expecting Cake to
> do it for you is being lazy.
>
security is the responsibility of everyone involved with the project: the programmer of the application, the programmer of the framework, the people that built the webserver and extra modules (mod_php), the people that install and maintain the system (operating system, other software, configuration, keeping it all up to date), right to the guys that designed/assembled the hardware in your server. everything works together, in several layers, and each layer is vulnerable to security issues.

and besides, cake programmers are programmers too... i've inspected the cake code and that's why i *know* that cake handles stuff like sql injections, session hijackings, ... also, it provides very easy ways for the programmer to protect himself against XSS and the like.
