OK, maybe I know what to do now. :)

On Aug 27, 3:28 am, aranworld <[EMAIL PROTECTED]> wrote:
> I agree with benjam that URL obscurity is not a good way to protect
> content that could otherwise be protected through something like ACL.
>
> The reason why the Flickr example is interesting is because they are
> actually using URL obscurity to protect images, which like any binary
> downloadable file are much harder to protect via server side
> scripting.
>
> All Flickr's images -- even ones labelled private -- can be viewed if
> you know the direct URL. They are actually relying solely on complex
> URL to protect their images. So checking out their system might
> provide some direction on what it takes to achieve this level of
> security -- as imperfect as it ultimately is.
>
> -Aran
>
> On Aug 26, 7:08 am, benjam <[EMAIL PROTECTED]> wrote:
>
> > You should probably take a look at why you want to keep people from
> > viewing certain URLs.
>
> > If it's from a security standpoint, you should probably have some
> > server side scripting that blocks the URL, not just a "If there's no
> > link, then I hope they can't guess my URL" security system.
>
> > And if you are trying to block content, this falls under a similar
> > idea. Give users levels (or some other flag that shows they are
> > allowed to access that particular data, or image, or whatnot), and if
> > they don't have the right level, block the content server-side.
>
> > You should never trust a fancy URL to block content from users.
>
> > And then you can use the solutions given by others to further increase
> > your security.
>
> > On Aug 25, 9:24 pm, Jerry <[EMAIL PROTECTED]> wrote:
>
> > > Hi:
>
> > > is there any way to make application url difficult to guess?
> > > since cake reads record by id, it also provides a way for user to
> > > guess the record to retrieve.
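The server-side check discussed in the thread above, with an unguessable URL token used only as a second layer, as an added example that is not part of the thread and not CakePHP's own code. It is plain PHP rather than CakePHP API, and the record layout, function names and sample data are assumptions made for illustration:

```php
<?php
// Added illustration: plain PHP, not CakePHP API. All names and data are hypothetical.

// Constructed sample records, keyed by sequential id as in the original question.
$records = [
    1 => ['owner_id' => 10, 'min_level' => 0, 'title' => 'public note'],
    2 => ['owner_id' => 10, 'min_level' => 5, 'title' => 'private invoice'],
];

// Unguessable per-record token (128 bits from the CSPRNG) for use in URLs.
function newUrlToken(): string
{
    return bin2hex(random_bytes(16));
}

// Server-side decision: the owner, or a user whose level is high enough, may read.
function canView(array $user, array $record): bool
{
    return $user['id'] === $record['owner_id']
        || $user['level'] >= $record['min_level'];
}

// Resolve a request. Unknown id, wrong token and failed check all return null,
// so the response does not reveal which ids exist.
function fetchRecord(array $records, array $tokens, array $user, int $id, string $token): ?array
{
    if (!isset($records[$id], $tokens[$id])) {
        return null;
    }
    // Constant-time comparison of the token taken from the URL.
    if (!hash_equals($tokens[$id], $token)) {
        return null;
    }
    // Knowing the URL is never sufficient on its own.
    return canView($user, $records[$id]) ? $records[$id] : null;
}

$tokens   = [1 => newUrlToken(), 2 => newUrlToken()];
$owner    = ['id' => 10, 'level' => 0];
$stranger = ['id' => 99, 'level' => 0];

var_dump(fetchRecord($records, $tokens, $owner, 2, $tokens[2]) !== null);    // owner, correct URL
var_dump(fetchRecord($records, $tokens, $stranger, 2, $tokens[2]) !== null); // other user holding a leaked URL
var_dump(fetchRecord($records, $tokens, $stranger, 1, $tokens[1]) !== null); // record open to level 0
var_dump(fetchRecord($records, $tokens, $owner, 2, 'guess') !== null);       // owner, guessed token
```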