Not so much a question as a pleasant observation.

I'm just finishing off a project built on CakePHP 3.0 beta using the ACL 
and Security components amongst others. As the site called for super tight 
security (it's a payment gateway of sorts) I had it penetration tested. The 
site accepts posts via HTTP and even instructions via SMS messages - so 
there's plenty of potential for vulnerabilities. After ~49,000 tests it 
reported only 16 red issues, 11 of which related to either Apache or 
PHPMyAdmin and the remaining five don't present an actual risk to the site 
or server; they are potential cross-site scripting risks that could be used 
to expose cookies on the user's machine.

I'd like to pat myself on the back and say these results were down to my 
brilliant coding, but in fairness all I did was use the tools at my 
disposal. So thanks and well done to the core developers for delivering an 
outstanding toolset.
