On Oct 10, 11:27 am, wralph <[EMAIL PROTECTED]> wrote: > What your talking about is security through obfuscation and it never > works against a persistent hacker. There is no security risk in > publishing the DB tables and fields, the risk is in the strength of > the passwords for connecting to the DB and the level of access given > to particular users - this has nothing to do with cake. > > winston
There is one thing to consider and that is that the form elements are directly related to the model fields (db table field) names which introduces a level of coupling. This isn't the case for models<->table names, since it is possible to disassociate the two, but it's not possible to automatically disasociate the db fields from the input fieldnames without doing it yourself. It isn't necessarily a security risk but the details of the model implementation should have no impact out side the class if it changes - as is the controller and view files would need updating in this event. Well, food for thought, AD --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
