I have done something about this (a while ago) and maybe not up to date with 1.2 RC2. Check about SecureGet on bakery. hth
On Jul 21, 6:24 am, "Jonathan Snook" <[EMAIL PROTECTED]> wrote: > Normally you have a user object stored in the session that's used to > authenticate. Just include that in any query that needs to be locked > down to a specific user. > > On Sun, Jul 20, 2008 at 3:22 PM, <[EMAIL PROTECTED]> wrote: > > > I searched the archives of this group and never found an answer to > > this question. > > > Suppose I have a page that is access via the URL > >http://www.mydomain.com/mycontroller/5 > > > There is nothing to stop a user from changing the URL to > >http://www.mydomain.com/mycontroller/6 > > and viewing a different record. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
