Cool will def check it out. I can't use the security component with AJAX calls if I read the docs correctly. But with your component I can include the security component and it will play nice with AJAX? Add the tokens and so on to the forms?
Dave

-----Original Message-----
From: Miles J [mailto:[email protected]]
Sent: October-02-09 1:33 PM
To: CakePHP
Subject: Re: Where request comes from?

Well you can use my ajax handler, it wraps the security component so it works with AJAX calls.

http://www.milesj.me/resources/script/ajax-handler-component

On Oct 2, 7:12 am, Martin Westin <[email protected]> wrote:
> You CAN... but it is painful to say the least.
>
> Since you can't have your cake and eat it ;) your best bet is to look
> inside the Security Component to see what parts you want to use and
> then put that into your own component, extend the core component or
> something like that. You can also look at the Security class but it
> does not offer any turn-key solutions for you.
>
> At the risk of being misinterpreted, I am tempted to say that you
> should not care where requests come from. Either a request is a
> "public" request like /posts/display/123 or a protected action like
> /posts/delete/123. Where the request comes from has little relevance in
> the first case. In the second case it really has little relevance too
> since you will be much more concerned about a valid session
> identifying an authorized user, right?
>
> If your security model needs to include "has been posted from exactly
> my form on my page" then ajax should not be used for those requests.
> IMHO.
>
> /Martin
>
> On Oct 1, 11:05 pm, "Dave Maharaj :: WidePixels.com" <[email protected]> wrote:
> > But no good for AJAX.
> >
> > I have AJAX forms in my app so I can't use the security component.
> >
> > Can I? I know it won't work for AJAX submitted forms. I was just curious.
> >
> > Dave
> >
> > -----Original Message-----
> > From: Martin Westin [mailto:[email protected]]
> > Sent: October-01-09 5:45 PM
> > To: CakePHP
> > Subject: Re: Where request comes from?
> >
> > The Security Component does this kind of thing for you. For example,
> > it will embed a hash value into the form which is a checksum of the
> > form. If a field is missing or added it will be captured. If a
> > hidden value is modified this will also be captured. Also sessions
> > will be more secure and a lot harder to hijack since the session id
> > is replaced for each request.
> >
> > And a bunch more stuff.
> >
> > /Martin
> >
> > On Oct 1, 9:36 pm, Bert Van den Brande <[email protected]> wrote:
> > > I believe the FormHelper has some 'secure' stuff available for
> > > this ... best to consult the documentation ...
> > >
> > > On Thu, Oct 1, 2009 at 8:50 PM, Dave Maharaj :: WidePixels.com <[email protected]> wrote:
> > > > Is there a way to determine / ensure that any requested action
> > > > comes from the server?
> > > >
> > > > I mean more towards the aspect of forms. That when a form is
> > > > submitted the request is coming from the site and not someone
> > > > who made a form and trying to submit it to your site.
> > > >
> > > > Just curious
> > > >
> > > > Thanks,
> > > >
> > > > Dave
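
The form checksum described in the thread above (a hash embedded in the form that catches added, missing, or modified hidden fields), sketched as an added example. It is not part of the original thread and is not CakePHP's Security Component code; the function names, the `_token` field, and the per-session key are assumptions made for illustration.

```php
<?php
// Added illustration; function names and the '_token' field are hypothetical.

// Token over the sorted field names plus the values of hidden fields.
function form_token(array $fieldNames, array $hidden, string $key): ?string
{
    sort($fieldNames, SORT_STRING);   // field order must not matter
    ksort($hidden, SORT_STRING);
    $payload = json_encode([$fieldNames, $hidden]);
    return $payload === false ? null : hash_hmac('sha256', $payload, $key);
}

// Recompute the token from what actually arrived and compare in constant time.
function verify_form(array $post, array $hiddenNames, string $key): bool
{
    $token = $post['_token'] ?? null;
    unset($post['_token']);
    if (!is_string($token)) {
        return false;                 // no token: form was not rendered by us
    }
    foreach ($post as $value) {
        if (!is_string($value)) {     // assumption: flat form, no array fields
            return false;
        }
    }
    $hidden   = array_intersect_key($post, array_flip($hiddenNames));
    $expected = form_token(array_map('strval', array_keys($post)), $hidden, $key);
    return $expected !== null && hash_equals($expected, $token);
}

// Constructed sample: an edit form with a hidden record id.
$key   = random_bytes(32);   // assumption: per-session secret, stored server-side
$token = form_token(['title', 'body', 'id'], ['id' => '123'], $key);

$cases = [
    'as rendered'     => ['title' => 'Hi', 'body' => 'text', 'id' => '123', '_token' => $token],
    'hidden modified' => ['title' => 'Hi', 'body' => 'text', 'id' => '999', '_token' => $token],
    'field added'     => ['title' => 'Hi', 'body' => 'text', 'id' => '123', 'role' => 'admin', '_token' => $token],
    'field missing'   => ['title' => 'Hi', 'id' => '123', '_token' => $token],
    'foreign form'    => ['title' => 'Hi', 'body' => 'text', 'id' => '123'],
];
foreach ($cases as $name => $post) {
    echo $name, ': ', verify_form($post, ['id'], $key) ? 'accepted' : 'rejected', "\n";
}
```

Because the key stays in the server-side session, a form built on another site cannot carry a valid token, and an AJAX request passes the same check as long as it sends the token it was given along with the same field set.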
