#6052: Model::save and saveAll $fieldList enforcement
-------------------------------------------------------------------------+--
Reporter: ionas82 |
Owner:
Type: RFC |
Status: new
Priority: Low |
Milestone: 1.3.x.x
Component: Model |
Version:
Severity: Normal |
Resolution:
Keywords: security, fieldlist, whitelist, blacklist, save, saveAll |
Php_version: n/a
Cake_version: 8004 |
-------------------------------------------------------------------------+--
Comment (by ionas82):
So in conclusion you would support an RFC where it states that Security
Component should be enabled by default (still disablable)?
What this RFC is about is "default" security settings so that you do not
have a lot of Cake apps spreading around where a hacker can always use the
same attack routine.
--
Ticket URL: <https://trac.cakephp.org/ticket/6052#comment:3>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC.
Our primary goal is to provide a structured framework that enables PHP users at
all levels to rapidly develop robust web applications, without any loss to
flexibility.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"tickets cakephp" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/tickets-cakephp?hl=en
-~----------~----~----~----~------~----~------~--~---
