Is there a link to the details of the security concern? I know it's fixed now but I'm interested if I should always use the Security Component and what the implication is if I don't.
Tried googling and looking in Trac but I can't seem to find out what the problem was. On Jan 16, 10:14 pm, Gwoo <[email protected]> wrote: > After the release of 1.2 Final, we received a lot of attention. Some > of this came in the form of a security concern. The issue could affect > sites relying on the AuthComponent for user authentication, without > the use of the SecurityComponent. Essentially, an attacker may be able > to obtain credentials as the first user of the system. If you are > interested in testing your site, you can use the SQL Inject Me plugin > for Firefox[1] > > Along with several other bugs, this issue was fixed in the recently > released CakePHP 1.2.1.8004 Stable. We highly recommend that users > upgrade to this release. > > A big thank you for all those who report these issues to us and allow > us to fix them. > > Bake on, > CakePHP team > > [1]https://addons.mozilla.org/en-US/firefox/addon/7597 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
