Wednesday, January 15, 2014

RE: Validation - General Rule

Thanks!

 

Dave Maharaj

Freelance Designer | Developer

www.movepixels.com  |  dave@movepixels.com  |  709.800.0852

 

From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of euromark
Sent: Wednesday, January 15, 2014 1:52 PM
To: cake-php@googlegroups.com
Subject: Re: Validation - General Rule

 

no, as they are internal + auto-set, you dont need to validate those.



Am Mittwoch, 15. Januar 2014 15:07:17 UTC+1 schrieb advantage+:

Just curious.

 

My db has CHAR36 for id so Cake generates the UUID.

All tables have created / modified even if never used or displayed to the user or whoever.

 

Do you need to validate created / modified? Cake automatically stamps the time in either case correct? And if using Security component there is no way to edit a form to pass anything.

Same with id field, on create it will automatically create the UUID and same if using Security no way to modify a form to by-pass that. You can validate id on update to ensure the record / id belongs to the user or has permission to edit the record.

But that seems like over kill. If they don't have permission to edit the record they should not even be able to access the record / edit action anyways.

 

Am I correct is my assumption or never assume anything and best to validate them anyways?

 

As always thanks for any feedback and opinions!

 

Dave Maharaj

Freelance Designer | Developer
Description: header_logo

www.movepixels.com  |  dave@movepixels.com  |  709.800.0852

 

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.

No comments: