On Oct 10, 4:19 pm, Comida411 <[EMAIL PROTECTED]> wrote: > When the page is rendered if some one does a view source he can > clearly see the table name and the coloum name. > > Is it not a security risk?
Arguably it gives an attacker more information - but it's no more of a risk than the attacker being able to find out which language the application is written in, or which web server the application is hosted on. I honestly can't see any attack vector which is strengthened by an attacker knowing the fields in a database table - every attack in which a field name is used has as a prerequisite a level of access that would allow the attacker to trivially derive that information anyway. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
