Sunday, December 29, 2013

Re: Dealing With Malicious Users

I think it really depends on the developer. I would recommend using setFlash and redirect, or even throwing an appropriate exception, for simple enough applications.

You could also write to a log file when you suspect malicious activity and take note of any parameters or auth session details for review.

I would personally say don't try to auto-ban or log them out; it probably won't stop them.

HTH
 Stephen

On 29 Dec 2013, at 23:19, "Advantage+" <movepixels@gmail.com> wrote:

I am working on a fairly large application and I am modifying form fields, trying to edit other people's records or just stuff you should not be doing to test things out.

My question is how to handle these requests.

Obviously what they are doing gets stopped, but do you alert them with a message "Illegal Attempt"? Log them out? Ban them? Record the error for admin to review and decide later what to do?

Simply disregard and do nothing and just a message saying error please try again?

If someone is up to no good what is the best way to deal with this? How do you handle it? What do you do?

Thanks for any and all insight you guys can provide.

Dave
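
The handling suggested in the reply (log the parameters and auth details for review, answer with setFlash and a redirect), as an added example that is not part of the original thread. It assumes CakePHP 2.x; `PostsController`, the `Post` model with a `user_id` column, and the `security` log type are hypothetical names.

```php
<?php
// Added example, assuming CakePHP 2.x; controller, model and log type names are hypothetical.
App::uses('AppController', 'Controller');
App::uses('CakeLog', 'Log');
class PostsController extends AppController {
    public $components = array('Session', 'Auth');

    public function edit($id = null) {
        $post = $this->Post->findById($id);
        if (!$post) {
            throw new NotFoundException();
        }
        // Ownership comes from the stored record, never from a submitted field.
        if ($post['Post']['user_id'] != $this->Auth->user('id')) {
            $this->_logSuspicious('edit of a record owned by another user');
            // Same generic message as any other failure; no ban, no logout.
            $this->Session->setFlash(__('An error occurred. Please try again.'));
            return $this->redirect(array('action' => 'index'));
        }
        if ($this->request->is('post') || $this->request->is('put')) {
            $this->Post->id = $id;
            // The field list drops form fields the client added or renamed.
            if ($this->Post->save($this->request->data, true, array('title', 'body'))) {
                return $this->redirect(array('action' => 'index'));
            }
        } else {
            $this->request->data = $post;
        }
    }

    protected function _logSuspicious($reason) {
        $data = (array)$this->request->data;
        // Keep secrets out of the log file.
        array_walk_recursive($data, function (&$value, $key) {
            if (preg_match('/pass|token|secret/i', $key)) {
                $value = '[redacted]';
            }
        });
        // json_encode escapes newlines, so one request stays one log line.
        CakeLog::write('security', json_encode(array(
            'reason' => $reason,
            'user_id' => $this->Auth->user('id'),
            'ip' => $this->request->clientIp(),
            'url' => $this->request->here,
            'passed' => $this->request->params['pass'],
            'data' => $data,
        )));
    }
}
```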

 

 
