You could also hash your id in a hidden field, and when receiving the
form, hash again the id and compare with the hidden hashed field. To
trick you would have to find the hash string also... a bit harder. That
with the Security should cover your needs.
Hope this helps

On Sep 4, 7:00 pm, "Chris Hartjes" <[EMAIL PROTECTED]> wrote:
> On 9/4/07, J. Eckert <[EMAIL PROTECTED]> wrote:
>
>
>
> > Hi there,
>
> > There seems to be a security issue with the Model->save() function in
> > Cake 1.2 if you are adding data through a form.
>
> I don't know if you already checked it out, but there is a Security
> component that I think might help alleviate some of your fears about
> the exact type of attack you are talking about:
>
> http://manual.cakephp.org/chapter/security
>
> There have also been a few threads on this mailing list about it as
> well, so I also suggest searching those out via the Google Groups
> interface.
>
> Hope that helps.
>
> --
> Chris Hartjes
> Senior Developer
> Cake Development Corporation
>
> My motto for 2007:  "Just build it, damnit!"
>
> @TheBallpark - http://www.littlehart.net/attheballpark
> @TheKeyboard - http://www.littlehart.net/atthekeyboard
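
The hidden-field check suggested at the top of this message, as an added example that is not part of the original post or of CakePHP. It swaps the plain hash for a keyed hash (HMAC-SHA256), because an unkeyed hash of the id can be recomputed by whoever edits the form. `SECRET_KEY`, `sign_id()`, `verify_id()`, `render_hidden_fields()` and the field name `id_token` are hypothetical; PHP 7 or later is assumed.

```php
<?php
// Added example: bind the record id in a hidden field to a server-side keyed hash.
// All names here are hypothetical and are not CakePHP API.

// Assumption: a secret that lives only on the server (constructed demo value).
const SECRET_KEY = 'constructed-demo-key-replace-me';

// Token over session id + record id. The length prefix keeps the two
// fields from running into each other when they are concatenated.
function sign_id(string $id, string $sessionId): string
{
    $message = strlen($sessionId) . ':' . $sessionId . $id;
    return hash_hmac('sha256', $message, SECRET_KEY);
}

// Recompute the token for the posted id and compare in constant time.
function verify_id(string $id, string $token, string $sessionId): bool
{
    return hash_equals(sign_id($id, $sessionId), $token);
}

// Emit the id together with its token when rendering the edit form.
function render_hidden_fields(string $id, string $sessionId): string
{
    return sprintf(
        '<input type="hidden" name="id" value="%s">'
        . '<input type="hidden" name="id_token" value="%s">',
        htmlspecialchars($id, ENT_QUOTES),
        sign_id($id, $sessionId)
    );
}

// Constructed sample values for the demonstration.
$session = 'sess-4f2a';
$token   = sign_id('42', $session);
echo render_hidden_fields('42', $session), PHP_EOL;

// Case 1: form posted back unchanged.
var_dump(verify_id('42', $token, $session));
// Case 2: id edited in the posted form, token left as issued.
var_dump(verify_id('43', $token, $session));
// Case 3: token replaced with an unkeyed hash of the id.
var_dump(verify_id('42', md5('42'), $session));
// Case 4: valid token replayed under a different session.
var_dump(verify_id('42', $token, 'sess-other'));
```

Only the first case verifies. The check belongs in the controller before `Model->save()` is called with the posted id.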

