Thursday, September 11, 2014

Re: Security Component is Ruining my Life

oh, ok.  fair enough if it doesn't know it can't tell me.  

On 12 September 2014 12:32, mark_story <mark.story@gmail.com> wrote:
One of the issues with the field hashing is that SecurityComponent doesn't know what is wrong either. It just knows that the hash of the data does not match what was generated in the past.

-Mark


On Monday, 8 September 2014 21:47:05 UTC-4, #2Will wrote:
I've got an app i have been maintaining for a while now.  The security component causes more headaches than anything else.  In fact, because cakephp is so nice to work with, i think Security Component (SC) causes all the headaches...

I've read through the docs a fair bit, i have bits of code scattered around turning off the SC all over the place, which makes me feel sick from 2 points of view:  

1.  What a mess
2.  No SC == not great security. 


One issue is it doesn't seem to give back enough detail on EXACTLY what went wrong.  

This morning a form that has no JS has decided to blackhole even though i'm applying the following fugly hack to ask it to leave me alone....


$this->Security->allowedControllers = array("people");
    if ( in_array($this->action, array('edit' ,  'simport'))){
      $this->Security->validatePost = false;
 }


I email myself every time these occur.  With "details" of the error.  Which more or less amount to $type  = "auth" - which according to the docs means:

"Indicates a form validation error, or a controller/action mismatch error."

well, i  / JS hasn't messed with the form (that's what form validation is about right?) and that is being disabled anyway,  and it's showing the form in the action simport and posting to that action, all in the same controller.  

adding this deeply depressing line of code makes my basic form work:
 $this->Components->unload('Security');

How can I get much better details of the error? How can I work with SC in a better way so it is generally on, not disabled around the site for assorted poorly understood reasons..?

W

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

---
You received this message because you are subscribed to a topic in the Google Groups "CakePHP" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cake-php/xCYXAwaj-XI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.



--
Will Barker
0424 366 468

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)