On Dec 31, 2007 11:48 AM, Chris Hartjes <[EMAIL PROTECTED]> wrote: > > Well, if you did want to do that sort of thing you could put it in a > beforeFilter() method in app_controller, but can you really trust the > contents of $_SERVER['HTTPS'] to be correct? If I understand > correctly, that info can be spoofed along with lots of other $_SERVER > values. >
I know some people felt weird about what I said here, so I did a little digging around and it turns out that $_SERVER['HTTPS'] cannot be spoofed. Good to know, because I got an IM from nate saying "because if that's possible, I need to change some stuff up". I think using Robby's suggestion of requireSecure() and the blackHoleCallback is the best way to go. -- Chris Hartjes My motto for 2007: "Just build it, damnit!" @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---