I am no expert and hate the black-hole.
My sites use a s#it load of AJAX requests, which Security cannot handle with forms, so I created my own lock / key methods.
Pretty much based off the idea of Security hashing the fields then checking on submit to match for form tampering.
So every time a form is submitted I generate the $lock and on form submit the $lock is checked against the $key so it prevents CSRF, form tampering and all that good stuff.
Beats having to black hole and wonder why!
From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of ben@articad.cc
Sent: Tuesday, April 02, 2013 12:12 PM
To: cake-php@googlegroups.com
Cc: jmail; stephen@foundfamily.co.uk
Subject: Re: The request has been black-holed
To save people from themselves? To save the world? I really don't care.
Bottom line: That blackholed request thing is a usability nightmare. You merely have to reload the page
On Monday, April 1, 2013 6:41:44 AM UTC+1, rchavik wrote:
On Thursday, March 28, 2013 4:57:38 PM UTC+7, b...@articad.cc wrote:
Security features like this that cause issues with basic flow should be OFF by default. CakePHP is its own worst enemy for leaving it in.
Why do you think CakePHP turns SecurityComponent on by default?
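The lock / key idea from the first message in this thread, sketched as an added example; it is not the poster's code and not CakePHP's SecurityComponent. The function names, the `_lock` field name and the use of HMAC-SHA256 with a per-session secret are assumptions, and the sketch only covers flat forms with scalar fields.

```php
<?php
// Added illustration. make_lock(), check_lock(), the "_lock" field name and
// the HMAC-SHA256 construction are assumptions, not code from the thread.

// Lock = HMAC over the form's action, its field names and the values of
// fields that must not change (hidden ids), keyed with a per-session secret.
function make_lock(string $secret, string $action, array $fields, array $fixed = []): string
{
    $fields = array_map('strval', $fields);
    sort($fields, SORT_STRING);
    $fixed = array_map('strval', $fixed);
    ksort($fixed, SORT_STRING);
    return hash_hmac('sha256', json_encode([$action, $fields, $fixed]), $secret);
}

// On submit, rebuild the lock from what actually arrived and compare.
function check_lock(string $secret, string $action, array $post, array $fixedNames): bool
{
    $sent = $post['_lock'] ?? null;
    if (!is_string($sent)) {
        return false; // no lock at all: cross-site or hand-built request
    }
    unset($post['_lock']);
    foreach ($post as $value) {
        if (!is_string($value)) {
            return false; // this sketch only covers flat, scalar fields
        }
    }
    $fixed = array_intersect_key($post, array_flip($fixedNames));
    $key = make_lock($secret, $action, array_keys($post), $fixed);
    return hash_equals($key, $sent); // constant-time comparison
}

// Constructed demo: in an application the secret is created once per
// session and kept server-side (for example in $_SESSION).
$secret = bin2hex(random_bytes(32));
$action = '/posts/edit';
$lock = make_lock($secret, $action, ['id', 'title', 'body'], ['id' => '42']);
$ok = ['id' => '42', 'title' => 'Hi', 'body' => 'text', '_lock' => $lock];
$cases = [
    'untouched form'   => $ok,
    'hidden id edited' => ['id' => '43'] + $ok,
    'field injected'   => $ok + ['is_admin' => '1'],
    'no lock (forged)' => array_diff_key($ok, ['_lock' => 1]),
];
foreach ($cases as $label => $post) {
    printf("%-18s %s\n", $label, check_lock($secret, $action, $post, ['id']) ? 'accept' : 'reject');
}
```

Because the lock is not single-use, the same form can be resubmitted within the session, which suits repeated AJAX calls but means replay protection has to come from elsewhere.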