Hi Jeff, and congrats on diving into the world of CakePHP! Are you asking how to prevent a user simply changing, say, '/articles/edit/1' to '/articles/edit/2' and being able to edit another article? If so, can I ask what the problem is with that?
Is the user only allowed to edit their articles? If so, you do checks to make sure they are the author or a member of a group with editing rights. I do things of this nature by setting $auth->authorize = 'controller'; and creating an isAuthorized() method in my controller which checks if the person is allowed to perform the action on the record they have requested.

How does making the ID longer help with this situation, other than adding a possible layer of obfuscation? I assume the records are not sequential in this case, which makes guessing another record more difficult, but it also makes the URLs uglier, changing '/articles/view/1/title_of_article' to '/articles/view/7d8jwjduchs6s5423n2is8dysjaks6dr/title_of_article'.

HTH,
Paul
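
The per-record check described in the message above, as an added example that is not part of the original message or the poster's own code. It uses CakePHP 1.x controller conventions and assumes an `Article` model with a `user_id` owner column and a hypothetical `role` field on the logged-in user record.

```php
<?php
// app/controllers/articles_controller.php (CakePHP 1.x layout)
class ArticlesController extends AppController {
    var $name = 'Articles';
    var $components = array('Auth');

    // Actions that act on one existing record and therefore need an owner check.
    var $ownerOnly = array('edit', 'delete');

    function beforeFilter() {
        parent::beforeFilter();
        // Have AuthComponent call isAuthorized() below on every request.
        $this->Auth->authorize = 'controller';
    }

    function isAuthorized() {
        if (!in_array($this->action, $this->ownerOnly)) {
            return true; // any logged-in user may reach the other actions
        }

        // The record id is the first passed argument: /articles/edit/<id>
        $id = isset($this->params['pass'][0]) ? $this->params['pass'][0] : null;
        if ($id === null) {
            return false; // no record named: deny rather than guess
        }

        // Assumption: users carry a 'role' field and 'editor' may edit anything.
        if ($this->Auth->user('role') === 'editor') {
            return true;
        }

        // Look up the owner on the server; never trust an owner id from the request.
        $ownerId = $this->Article->field('user_id', array('Article.id' => $id));
        if ($ownerId === false) {
            return false; // unknown record: same answer as "not yours"
        }

        // Compare as strings so integer and string ids from the DB match.
        return (string)$ownerId === (string)$this->Auth->user('id');
    }
}
```

With this in place, changing the id in the URL to another user's article is denied whether ids are sequential or random, so a longer id is only a cosmetic choice.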
