Greetings, I am new to CakePHP. I've tested several other frameworks (Laravel, CodeIgniter, Symfony, Yii, and even a clever little one called PHPixie). My choice is to go with CakePHP for various reasons, but mostly because it makes sense to me.
I like everything I see about CakePHP, but I am wondering how experienced Cake developers handle security. I know that this is a big topic and there is no single answer, but what are the general steps you take to secure an app in CakePHP? I am talking about an app where I will be accepting form inputs from logged-in users.

Here's what I understand so far:

1. I really like the Cake Data Validation class <http://book.cakephp.org/2.0/en/models/data-validation.html>. This seems to allow very nice control of form inputs.
2. I'm confused about the removal of the Data Sanitization tool <http://book.cakephp.org/2.0/en/core-utility-libraries/sanitize.html>. Was this done because there are better built-in methods for this, or is it because the framework no longer handles sanitization?

Can anyone please shed some light on general "good practices" on securing CakePHP apps?

Thank you!
Matthew
