Thursday, November 4, 2010

Re: CakePHP Parameter Manipulation

Hi Jeff, and congrats on diving into the world of CakePHP!

Are you asking how to prevent a user simply changing, say, '/articles/edit/1' to '/articles/edit/2' and being able to edit another article? If so, can I ask what the problem is with that?

Is the user only allowed to edit their own articles? If so, you do checks to make sure they are the author or a member of a group with editing rights. I do things of this nature by setting $this->Auth->authorize = 'controller'; and creating an isAuthorized() method in my controller which checks if the person is allowed to perform the action on the record they have requested.

How does making the ID longer help with this situation, other than adding a possible layer of obfuscation? I assume the records are not sequential in this case, which makes guessing another record more difficult, but it also makes the URLs uglier, changing '/articles/view/1/title_of_article' to '/articles/view/7d8jwjduchs6s5423n2is8dysjaks6dr/title_of_article'.

HTH, Paul
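One way to implement the ownership check Paul describes, as an added example (not code from the original post), written against the CakePHP 1.3 API of the time; the Article model's `user_id` column and the `'editor'` role value are assumptions:

```php
<?php
// Added example, not from the original post. Authorization is decided per
// request in isAuthorized(), so changing the id in the URL gains nothing.
// Assumptions: Article has a user_id column; Auth stores 'id' and 'role'.
class ArticlesController extends AppController {
    public $name = 'Articles';
    public $components = array('Auth');

    public function beforeFilter() {
        parent::beforeFilter();
        // Hand every non-public action to isAuthorized() below.
        $this->Auth->authorize = 'controller';
        $this->Auth->allow('index', 'view');
    }

    // Auth calls this for each protected action; false denies the request.
    public function isAuthorized() {
        $userId = $this->Auth->user('id');
        if (!$userId) {
            return false;
        }
        if ($this->action === 'add') {
            return true; // any logged-in user may create an article
        }
        if (in_array($this->action, array('edit', 'delete'))) {
            // Members of an editing group may modify any record (assumed role name).
            if ($this->Auth->user('role') === 'editor') {
                return true;
            }
            // The record id is the first passed parameter: /articles/edit/1
            $id = isset($this->params['pass'][0]) ? $this->params['pass'][0] : null;
            if (!$id) {
                return false;
            }
            // Read the owner from the database, never from client-supplied data.
            $ownerId = $this->Article->field('user_id', array('Article.id' => $id));
            if ($ownerId === false) {
                return false; // no such record
            }
            return (string)$ownerId === (string)$userId;
        }
        return false; // deny anything not handled above
    }

    public function edit($id = null) {
        // Ownership of $id is already confirmed; pin the posted form id to the
        // URL id so a tampered hidden field cannot redirect the save elsewhere.
        if (!empty($this->data)) {
            $this->data['Article']['id'] = $id;
            $this->Article->save($this->data);
        }
    }
}
```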

