I agree with you... In fact, I've been thinking about it for a long
time. It's surely a security risk... Though it looks like we are just
exposing the database structure, it's still confidential
information, which can take an attacker to his aim....

Cake might be secure enough, but consider some server which is
running a number of web applications. The DB structure can still help
through some other way out..
I think some encryption of field names is needed before a
View is rendered.

<input name="data[User][password]">
can be modified to:

<input name="data[prka][RgKDssd]">

These keys can be generated by Cake randomly when a Model is created/
accessed for the first time and can be kept in Cache along with model
data.


On Oct 10, 8:19 am, Comida411 <[EMAIL PROTECTED]> wrote:
> I am a newbie to CakePHP and I have a concern about the way Cake exposes
> the data model of the application in the view. Since we have to follow
> a naming convention for Cake to update the model automatically from
> the view, I see there is a risk of exposing one's data model.
>
> Example:
> I have a user table  "users"   with fields 1) email_address 2)
> password
>
> On my view, when I use Cake syntax like below
>  <?php echo $html->input('User/email_address', array('size' => '40')) ?>
>
> When the page is rendered, if someone does a view source he can
> clearly see the table name and the column name.
>
> Is it not a security risk?
>
> Thank you for your response.
> Sincerely
> Comida411
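
The alias scheme proposed in the reply above, sketched as an added example that is not part of the original thread and not CakePHP's own code. `FieldAliasMap` and its methods are hypothetical names, the cache is represented by a plain array, and the sketch uses one alias per Model.field pair rather than separate model and field aliases.

```php
<?php
// Added illustration; FieldAliasMap is a hypothetical helper, not a CakePHP class.
final class FieldAliasMap
{
    /** @var array<string,string> "Model.field" => alias */
    private array $aliases;

    /** @param array<string,string> $cached map previously loaded from the cache */
    public function __construct(array $cached = [])
    {
        $this->aliases = $cached;
    }

    // Return the alias for a model field, generating it on first access.
    public function alias(string $model, string $field): string
    {
        $key = "$model.$field";
        if (!isset($this->aliases[$key])) {
            // random_bytes() is a CSPRNG; the leading letter keeps the key a string
            $this->aliases[$key] = 'f' . bin2hex(random_bytes(6));
        }
        return $this->aliases[$key];
    }

    // Render an input whose name attribute carries only the alias.
    public function input(string $model, string $field, string $type = 'text'): string
    {
        return sprintf('<input type="%s" name="data[%s]">',
            htmlspecialchars($type, ENT_QUOTES), $this->alias($model, $field));
    }

    // Map submitted data back to Model => field => value; unmapped keys are dropped.
    public function resolve(array $posted): array
    {
        $byAlias = array_flip($this->aliases);
        $out = [];
        foreach ($posted as $alias => $value) {
            if (!is_string($alias) || !isset($byAlias[$alias])) {
                continue;
            }
            [$model, $field] = explode('.', $byAlias[$alias], 2);
            $out[$model][$field] = $value;
        }
        return $out;
    }

    // The map to store in the cache alongside the model data.
    public function export(): array { return $this->aliases; }
}

$map = new FieldAliasMap();
echo $map->input('User', 'password', 'password'), "\n";
// Constructed request data: one aliased field plus one key that was never rendered.
$posted = [$map->alias('User', 'password') => 'constructed-value', 'is_admin' => '1'];
var_dump($map->resolve($posted)); // only User => password is returned
```

Renaming only hides the schema names from view source; the reverse lookup in `resolve()` is what restricts a request to fields the form actually rendered.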

