I'm new to all this. It all started with a desire on my part to start building some PHP-based apps on my own time. I'm not a programmer by trade, so try to be understanding with me :). After months of [part-time] googling, I've become familiar (somewhat) with MVC, why it is important, frameworks, why I should use one, etc. (The problem with googling is that in a fluid landscape, oftentimes it is hard to discern obsolete info/articles from contemporary and current best practices.) I haven't started anything yet due to my perfectionism wanting to "do it right" the first time. I've finally gotten myself to the point of taking that leap, and I think I am ready. Not wanting to write spaghetti PHP just to have to redo it later in a better way once I get my feet wet.... Up till now, I've just been finding my way by stumbling across this blog, that article, yada yada. This is my first time posting anywhere to ask specific questions that are troubling me.
I've been trying to find a good framework, what do most people use these days, yada, yada. Yeah, I know, probably a stupid question. I have looked at Phrame (I know...) because some [old] articles I read during my research used it as an example for MVC-based apps. I was tempted to build my first app with it, but decided that due to its apparent lack of maintenance and aging state (uses PHP4), I should find out what else is out there. I stumbled across CakePHP, and this seems like a good place to begin (at least). I haven't completely settled on this as my choice to dive in and am hoping the answer I get can help me fully decide. Soooo, anywho... here goes. What is bothering me as I have begun looking through the docs and the example blog app is this: I see that the basic mechanism for the web app to trigger various actions and so forth is to use URLs of this form: "site.com/controller/action/param1/param2". I fully accept that I may be the idiot of the year for asking, but am I wrong in thinking that this is a basic security problem? I personally don't want to expose this to an end user. I guess I am thinking that anyone could attempt to type a desired action into the address bar, whether or not the application should allow them to take that action. For example, /posts/delete/52. Obviously you could/should build the logic into the controller to check the rights for the user to take an action, in this case maybe delete a particular blog post, only if the user has rights to do so. That goes without saying, and I consider it a must anyway. But I would still prefer to not even expose the application controller logic at all to the end user if that is possible. I would assume that CakePHP can just as easily use POST variables to contain the action and params and then a redirect to avoid the "browser refresh" issue that POST tends to create. Is this assumption correct? Am I crazy for even worrying about this?
I'm curious if most people just follow the generic CakePHP convention for URLs (controller/action/params), or if there is something that is a better practice to implement.

You received this message because you are subscribed to the Google Groups "CakePHP" group. For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
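An added example, not part of the original post and not CakePHP's own code, illustrating the point raised above: hiding the action in a POST body instead of the URL does not by itself protect /posts/delete/52, because an attacker can send a POST just as easily as a GET. What protects the action is the authorization check inside the controller action, with a POST-only requirement (plus a CSRF token, an extra caveat beyond the post) and a redirect afterwards to avoid the refresh resubmit. The example is framework-agnostic PHP: the request array, the session token and the in-memory `$posts` table are constructed stand-ins, not framework APIs.

```php
<?php
// Constructed in-memory "database": post id => owner user id (assumption).
$posts = [52 => 7, 53 => 9];

// Weak version: trusts the URL alone. Anyone who can type
// /posts/delete/52 (or be tricked into loading it) deletes the post.
function deletePostWeak(array &$posts, int $postId): bool {
    unset($posts[$postId]);
    return true;
}

// Hardened version. $request is a plain array standing in for the
// framework's request object: 'method', 'post' (form fields), 'user_id'.
function deletePost(array &$posts, int $postId, array $request, string $sessionCsrfToken): array {
    // 1. State-changing actions only via POST: a pasted URL, a plain link
    //    or an <img src> cannot delete anything.
    if ($request['method'] !== 'POST') {
        return ['status' => 405, 'redirect' => "/posts/view/$postId"];
    }
    // 2. CSRF: the token in the submitted form must match the session token,
    //    so a form on another site cannot submit this request for the user.
    if (!hash_equals($sessionCsrfToken, $request['post']['_csrf'] ?? '')) {
        return ['status' => 403, 'redirect' => "/posts/view/$postId"];
    }
    // 3. Authorization: the logged-in user must own the post. This is the
    //    real protection; it applies whether the id came from the URL or a form.
    $userId = $request['user_id'] ?? null;
    if ($userId === null || !isset($posts[$postId]) || $posts[$postId] !== $userId) {
        return ['status' => 403, 'redirect' => '/posts'];
    }
    unset($posts[$postId]);
    // 4. Post/Redirect/Get: redirect so a browser refresh does not resubmit.
    return ['status' => 302, 'redirect' => '/posts'];
}

// Usage with constructed requests (the token would normally live in the session).
$token = bin2hex(random_bytes(16));
// A pasted URL (GET) is refused even for the owner.
echo deletePost($posts, 52, ['method' => 'GET', 'post' => [], 'user_id' => 7], $token)['status'], "\n";
// A valid POST by a user who does not own the post is refused.
echo deletePost($posts, 52, ['method' => 'POST', 'post' => ['_csrf' => $token], 'user_id' => 9], $token)['status'], "\n";
// Owner, POST, valid token: the post is deleted and the client is redirected.
echo deletePost($posts, 52, ['method' => 'POST', 'post' => ['_csrf' => $token], 'user_id' => 7], $token)['status'], "\n";
echo count($posts), " post(s) remain\n";
```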
