Sorry, what do you mean by the only way? I'm trying to fully understand the security component and all of the caveats before I go and implement anything - I want to do it the proper way.

On Thu, Mar 8, 2012 at 9:07 AM, euromark <[email protected]> wrote:
> @rodrigo
> right - this is also the only way to work with ajax form posts
>
> On Thursday, 8 March 2012 13:57:08 UTC+1, Rodrigo Rodrigues Moyle wrote:
>
>> I always use save($data, array('fieldList' => array())) to protect
>> against this problem regardless of the SecurityComponent.
>>
>> On Tuesday, 6 March 2012 18:06:37 UTC-3, nabeel wrote:
>>>
>>> Hi all,
>>>
>>> I'm sure we've all heard about what happened with RoR and Github just
>>> recently -
>>>
>>> https://github.com/rails/rails/issues/5228
>>> http://arstechnica.com/business/news/2012/03/hacker-commandeers-github-to-prove-vuln-in-ruby.ars
>>>
>>> So I can see how this could possibly be done in Cake as well (haven't
>>> tried), but just adding a hidden field to the form with the values.
>>>
>>> So - what's the best way (in Cake) to protect against this? Is it
>>> setting the allowed fields in the $this->Model->save() call? Is there a
>>> better way?
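
The field-list idea discussed in the thread above, as an added example that is not part of the original messages and is not CakePHP's own code. `ToyModel`, its `save()` signature and the request data are hypothetical, written in plain PHP so the effect of an allow-list on an unexpected form field can be seen in isolation.

```php
<?php
// Added illustration: ToyModel is a hypothetical stand-in, not CakePHP's Model class.
final class ToyModel
{
    /** @var array<string,mixed> columns of the single stored row (constructed data) */
    private array $row = ['id' => 7, 'name' => 'alice', 'email' => 'a@example.test', 'role' => 'user'];

    /**
     * Copy submitted values onto the row.
     * $fieldList === null means no allow-list: every submitted key that
     * matches a column is written. Otherwise only listed fields are written.
     * Returns the submitted field names that were not written.
     */
    public function save(array $data, ?array $fieldList = null): array
    {
        $rejected = [];
        foreach ($data as $field => $value) {
            $isColumn = array_key_exists($field, $this->row);
            $allowed  = $fieldList === null || in_array($field, $fieldList, true);
            if ($isColumn && $allowed) {
                $this->row[$field] = $value;
            } else {
                $rejected[] = $field;
            }
        }
        return $rejected;
    }

    public function row(): array
    {
        return $this->row;
    }
}

// Constructed request body: the form only renders name and email,
// but the submitted POST also carries a "role" field.
$post = ['name' => 'Alice A.', 'email' => 'alice@example.test', 'role' => 'admin'];

$unrestricted = new ToyModel();
$unrestricted->save($post);
echo 'no field list: role = ', $unrestricted->row()['role'], PHP_EOL;

$restricted = new ToyModel();
$rejected = $restricted->save($post, ['name', 'email']);
echo 'field list:    role = ', $restricted->row()['role'], PHP_EOL;
echo 'not written (worth logging): ', implode(', ', $rejected), PHP_EOL;
```

The allow-list is applied on the server at the point of saving, so it holds regardless of which fields the rendered form contained.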
