Fredrik, exactly what I am after. Hashing/crypting the hidden fields. How?
If I do this manually, it is more than guaranteed that I will forget this someplace.

Trausti

On Wed, Aug 19, 2009 at 1:32 PM, Frederick Cheung<[email protected]> wrote:
>
> On Aug 19, 12:07 pm, Mukund <[email protected]> wrote:
>> You can enable the :protect_from_forgery which puts in an authenticity
>> token with every form. This is on by default in the new version of
>> Rails. This is a random ID tied down with the session. This is not
>> the same as what you are looking for, but it will probably suffice.
>>
> Actually I think it is completely different. That is protection from
> CSRF attacks, whereas Trausti is (I think) concerned about a user
> editing the page to change the value of a hidden field or things like
> that.
>
> Fred
>> On Aug 19, 2:47 pm, Trausti Thor Johannsson <[email protected]>
>> wrote:
>>
>> > In cakephp, you have Secure component. It takes certain form values
>> > like id and User_id and such and encodes them.
>> > How is this done in rails? I don't want the user to change ids on
>> > items for deletions and such.
>>
>> > Trausti

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
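An added example, not part of the original thread and not a Rails API: one way to make a hidden field tamper-evident is to append an HMAC that binds the field name, its value and the session, then verify it on submit. The `SignedField` module, its method names, the secret and the session ids are hypothetical and constructed for illustration.

```ruby
require "openssl"

# Hypothetical helper (not part of Rails): signs hidden-field values so the
# server can detect edits made in the browser before acting on them.
module SignedField
  # Assumption: a per-application secret that never leaves the server.
  SECRET = "constructed-demo-secret-change-me"

  # Returns "<value>--<hex HMAC>". The value stays readable (this is signing,
  # not encryption); the MAC covers field name, session id and value.
  def self.sign(name, value, session_id)
    value = value.to_s
    "#{value}--#{mac(name, value, session_id)}"
  end

  # Returns the original value as a String, or nil when the token was edited,
  # copied from another field, or replayed from another session.
  def self.verify(name, token, session_id)
    value, sep, sig = token.to_s.rpartition("--")
    return nil if sep.empty?
    secure_compare(mac(name, value, session_id), sig) ? value : nil
  end

  def self.mac(name, value, session_id)
    # Length-prefix each part so ("ab", "c") and ("a", "bc") cannot collide.
    data = [name, session_id, value].map { |p| "#{p.to_s.bytesize}:#{p}" }.join
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), SECRET, data)
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $PROGRAM_NAME
  token = SignedField.sign("item_id", 42, "sess-A")   # constructed sample input
  puts token
  p SignedField.verify("item_id", token, "sess-A")
  p SignedField.verify("item_id", token.sub("42", "43"), "sess-A")
end
```

A valid signature only shows the value was issued by the server for that field and session; the action handling the form still has to check that the current user may delete or modify the record with that id.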

