If you're not modifying form fields with JavaScript, AJAX form submissions should have no impact on the use of the Security component and its ability to prevent CSRF attacks.
-j.

On May 20, 11:22 pm, "Dave Maharaj :: WidePixels.com" <[email protected]> wrote:
> I am trying to break my application.
>
> How can I tell if a logged-in user is trying to do the same by using Firebug
> and adding a form to a page?
> I don't want to just sanitize and all of that...I want to know and ban that
> specific user. What would be the best approach to determine if a user is
> trying to submit data that should not be submitted?
> For example, a page that has no form and someone adds a form and tries to
> submit: could I easily check $this->data because there should be none?
>
> if(!empty($this->data))
> {
> ...banuser()......
>
> }
>
> Is there a better method or something already around that can help? Most of
> my requests are AJAX so for pages with forms the Security component is no
> good for me.
> Ideas? Suggestions?
>
> Thanks,
>
> Dave
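One way to get the per-user visibility asked about in the thread is to let the Security component reject a tampered submission and record who sent it. This is an added example, not code from either poster or from the CakePHP project. It assumes a CakePHP 1.x application that also loads the Auth and RequestHandler components and renders its forms through FormHelper; PostsController and _securityFailure are hypothetical names.

```php
<?php
// Added example: log every request that the Security component rejects.
// Assumptions: CakePHP 1.x, Auth and RequestHandler components available,
// forms rendered with FormHelper so they carry the component's token fields.
class PostsController extends AppController {
    var $name = 'Posts';
    var $components = array('Auth', 'Security', 'RequestHandler');

    function beforeFilter() {
        parent::beforeFilter();
        // Send failed checks to our own handler instead of the component's
        // default error response. The leading underscore keeps the method
        // from being reachable as a controller action through a URL.
        $this->Security->blackHoleCallback = '_securityFailure';
    }

    // Invoked by the Security component when a request fails validation,
    // for example a POST with a missing or mismatched form token.
    // $type is the failure type string passed by the component.
    function _securityFailure($type = '') {
        $this->log(sprintf(
            'Security check failed: type=%s user=%s ip=%s ajax=%s url=%s',
            $type,
            $this->Auth->user('id'),
            $this->RequestHandler->getClientIP(),
            $this->RequestHandler->isAjax() ? 'yes' : 'no',
            $this->here
        ), 'security');

        // Answer with 400 and stop; $this->data is never processed.
        $this->redirect(null, 400, true);
    }
}
```

Reviewing the resulting log per user ID separates a one-off expired token from repeated rejected submissions before any account action is taken.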
