I have an action called index() that allows users to see their personal information To keeps this info safe from hackers I want to protect index() using requireAuth. The means that all my ways of linking to index() have to use POST. This complicates the code and leads to a clunky interface and/or javascript. POST is good for submitting forms but for general site navigation it seems inappropriate.
I would rather be using GET. Yes, this would put the big, ugly authentication key in the url. But there would be no security issue because the key changes every time so no-one can use it to hijack the session. The Cake manual says requireAuth doesn't check authorization on GET requests for reasons of flexibility. With all due respect the flexibility I would like to see is the ability to have requireAuth work with GET. Am I crazy? How are other people doing this? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
