Even then, the REST interface would surely not allow for manual input of Post IDs, this just smacks of allowing people to edit any Post in your database. You would not only need to check if the request was for a valid record, but check the person making the request was authorised to perform the action.
HTH, Paul.
-- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment