In my app I have the following ACL issue:
All actions/controllers are secured by ACL and a user should only see
pages when he is logged in. This works fine in general, but I
discovered a weird error today which is given me a headache:
When you enter the url
http://www.myapp.com/controller/action
the user is redirected to the login, which is exactly what I want.
But if the user types in this, e.g. to edit an article or sth like
that:
http://www.myapp.com/controller/action/5
the ACL does NOT deny the access to the page and everyone can view the
contents of the page!
This is a horrible security issue and I gotta fix it ASAP, so I'd be
very happy if someone could point me to the right direction so I can
solve this big problem!
Thx in advance,
DD
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
No comments:
Post a Comment