Hi,
I've just launched a site for a client that had quite a big form in it that
people were spending a long time trying to complete. Because some people
were walking away form the form then coming back later and trying to submit
their security tokens were expiring so the client asked me to disable
security for that form.
I did the following:
if ($this->request->action == 'add') {
$this->Security->validatePost = false;
$this->Security->csrfCheck = false;
}
Fast forward to this evening and someone has managed to delete the users
table from the database. Could disabling validatePost and csrfCheck have
allowed someone to do SQL Inject a table drop?
Thanks,
Paul.
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
