Usually SQL injection, but you need to look out too if you allow users to do anything, for example post HTML / JavaScript. Also beware of some things, for example this component: http://bakery.cakephp.org/articles/view/autocomplete (watch the bottom comments).

On Jul 15, 7:02 pm, "Feris Thia" <[EMAIL PROTECTED]> wrote:
> On 7/15/07, Chris Hartjes <[EMAIL PROTECTED]> wrote:
>
> > Filter input. Escape output. That pretty much covers 99% of PHP
> > security problems. Luckily CakePHP handles a lot of that stuff already
> > for you as long as you follow the conventions.
>
> > --
> > Chris Hartjes
> > Senior Developer
> > Cake Development Corporation
>
> > My motto for 2007: "Just build it, damnit!"
>
> Hi Chris,
>
> Great to hear from you again ;)
>
> Wow, 99% is a great number. So, I can conclude there are not many
> security concerns for CakePHP if we follow conventions as you said.
> That will relieve me much.
>
> Btw, what do you mean by escaping output?
>
> Regards,
>
> Feris
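
The "filter input, escape output" rule from the thread, and the question of what escaping output means, shown as an added example that is not part of the original messages and is not CakePHP's own code. It is plain PHP; the helper names `filter_id`, `esc_html` and `esc_js` and the sample data are hypothetical, and it assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added illustration: helper names and sample data are constructed.

// Filter input: accept only the shape the field is supposed to have.
function filter_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Escape output for HTML text and quoted attribute values.
function esc_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escape output for a <script> block: JSON with <, >, &, ' and " hex-encoded.
function esc_js($value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed sample input standing in for $_GET / $_POST.
$input = ['id' => '1 OR 1=1', 'body' => '<script>alert(1)</script> "hi" & bye'];

// Show what the filter does with a hostile id and with a well-formed one.
foreach ([$input['id'], '1'] as $raw) {
    echo var_export($raw, true), ' => ', var_export(filter_id($raw), true), "\n";
}

// The database is an output too: bind values instead of concatenating them.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');
$db->prepare('INSERT INTO comments (body) VALUES (?)')->execute([$input['body']]);

$stmt = $db->prepare('SELECT body FROM comments WHERE id = ?');
$stmt->execute([filter_id('1')]);
$body = $stmt->fetchColumn(); // stored exactly as the user submitted it

// Encode at the point of output, once per context the value is written into.
echo '<p title="' . esc_html($body) . '">' . esc_html($body) . "</p>\n";
echo '<script>var comment = ' . esc_js($body) . ";</script>\n";
```

The comment is stored unmodified and encoded only when it is written out, so the same row can be rendered safely into HTML, an attribute or a script block without double-escaping.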
