Hi, I've read the Cake documentation and Googled, but can't find an answer to this question...
I'm building a simple CMS to use on a couple of my own websites, using Cake 1.2 RC4, and since it's for the use of a small group of known, invited users, I'm focusing my initial security efforts on the publicly accessible pages such as logging in and resetting lost passwords. I should probably state at this point that in my day job I have several years' experience of writing web apps in PHP and Perl, but am new to CakePHP (as in only been using it for about five days!).

Having built the user functionality I need - login, logout, update details, change password, etc. - and got it working to my satisfaction, I've started on securing it by using Sanitize in my users_controller to clean up all form input. However, the one automagical function that I'm having trouble with is login(). I've worked out how to do additional stuff (like timestamping the user record) after Auth has done its magic, but how can I sanitize the user input? Do I even need to?

Thanks in anticipation!

--
View this message in context: http://www.nabble.com/Sanitizing-login-data-tp21131263p21131263.html
Sent from the CakePHP mailing list archive at Nabble.com.
