Yeah, I'm on Cake 2.1, so I will have to test it thoroughly for sure. Thanks!
On Wed, Mar 7, 2012 at 4:07 PM, jeremyharris <[email protected]> wrote:
> Enabling the Security component should be the first thing you do. You are
> immediately protected against form tampering.
>
> Something to note on enabling it on an existing app: test it thoroughly!
> Checkboxes with no hiddenField will blackhole (at least in 1.3) comes to
> mind.
>
> On Wednesday, March 7, 2012 7:59:39 AM UTC-8, nabeel wrote:
>>
>> I figured, so using SecurityComponent will protect against this.
>> I have to re-visit that component, I was having some issues on forms when
>> they came from a redirect (ie, external auth)
>>
>> Thanks
>>
>> On Tuesday, March 6, 2012 5:01:38 PM UTC-5, PhpNut - Larry E. Masters
>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm sure we've all heard about what happened with RoR and Github just
>>>> recently -
>>>>
>>>> https://github.com/rails/rails/issues/5228
>>>> http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars
>>>>
>>>> So I can see how this could possibly be done in Cake as well (haven't
>>>> tried), but just adding a hidden field to the form with the values.
>>>>
>>>> So - what's the best way (in Cake) to protect against this? Is it
>>>> setting the allowed fields in the $this->Model->save() call? Is there a
>>>> better way?
>>>
>>> CakePHP has protected against this for years. Follow conventions, use
>>> the Security Component and Form Helper.
>>>
>>> $components = array('Security');
>>>
>>> --
>>> Larry E. Masters
>>
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
> To unsubscribe from this group, send email to
> [email protected] For more options, visit this group
> at http://groups.google.com/group/cake-php
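
Added example, not part of the thread and not CakePHP's own code: a framework-free PHP model of the two defenses discussed above, a form token that rejects posts whose field set was changed and a field whitelist applied before saving. The HMAC-over-field-names scheme and all names (`formToken`, `checkPost`, `filterFields`, `SECRET`) are assumptions made for illustration, not the Security component's actual token format.

```php
<?php
// Simplified model of form-tamper protection; NOT CakePHP's implementation.
// formToken, checkPost, filterFields and SECRET are hypothetical names.
const SECRET = 'constructed-demo-secret'; // constructed value; use a per-app secret

// Token issued when the form is rendered: an HMAC over the sorted field names.
function formToken(array $fieldNames): string {
    sort($fieldNames);
    return hash_hmac('sha256', implode('|', $fieldNames), SECRET);
}

// On POST: recompute the token from the field names actually submitted.
// Any added or missing field changes the HMAC, so the request is rejected.
function checkPost(array $post): bool {
    $token = $post['_token'] ?? '';
    unset($post['_token']);
    // is_string guards against a client sending _token[] as an array.
    return is_string($token) && hash_equals(formToken(array_keys($post)), $token);
}

// Second layer: keep only the fields this action may write, the same idea
// as passing an allowed-field list to the model's save() call.
function filterFields(array $data, array $allowed): array {
    return array_intersect_key($data, array_flip($allowed));
}

// Constructed sample: a profile form rendered with three fields.
$allowed = ['name', 'email', 'newsletter'];
$token   = formToken($allowed);
$honest  = ['name' => 'Ann', 'email' => 'ann@example.com',
            'newsletter' => '1', '_token' => $token];

$cases = [
    'honest post'                  => $honest,
    'extra is_admin field added'   => $honest + ['is_admin' => '1'],
    'checkbox missing from POST'   => array_diff_key($honest, ['newsletter' => 1]),
];
foreach ($cases as $label => $post) {
    printf("%-28s %s\n", $label, checkPost($post) ? 'accepted' : 'rejected');
}

// Even without the token check, the whitelist drops is_admin before saving.
$tampered = $honest + ['is_admin' => '1'];
unset($tampered['_token']);
print_r(filterFields($tampered, $allowed));
```

The third case models the checkbox caveat raised in the thread: an unchecked checkbox with no hidden fallback field sends nothing, so the submitted field set no longer matches the one the token was issued for.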
