On Aug 19, 12:07 pm, Mukund <[email protected]> wrote:
> You can enable the :protect_from_forgery which puts in an authenticity
> token with every form. This is on by default in the new version of
> Rails. This is a random ID tied down with the session. This is not
> the same as what you are looking for, but it will probably suffice.
>
Actually i think it is completely different. That is protection from
csrf attacts, whereas Trausti is (I think) concerned about a user
editing the page to change the value of a hidden field or things like
that.
Fred
> On Aug 19, 2:47 pm, Trausti Thor Johannsson <[email protected]>
> wrote:
>
>
>
> > In cakephp, you have Secure component. It takes certain form values
> > like id and User_id and such and encodes them.
> > How is this done in rails ? I don't want the user to change ids on
> > items for deletions and such.
>
> > Trausti
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
