You're right, that someone could change the value using Firebug. To prevent this you should use Cakes Security Component. If you use the Security Component and the Form Helper to create your forms, Cake will automagically add a hidden field containing a hash of your fields and the values of hidden fields. If an attacker changes the value of a hidden field or add/deletes a field, Cake will recognize it and stop further processing.
Have a look at the Cookbook (for Cake 2.0) http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html?highlight=security#SecurityComponent -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
