MarcusTerasa wrote:
> But if a user manipulates the form and posts a different id, another
> entry would be updated or created. So in a real world app it would be
> a great security risk.
>
> What could I do to prevent it?
Simply check in your Controller action if the user which requests the
change is allowed to ... ("is the client the owner of the dataabse
record he wants to change?")
Marcus
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
