Sorry.

 

Not what I was trying to ask.

Not the "if owner, delete" part of the action, just the passing of variables
through the URL, the actual variable. Cake spits out code link/delete/this_slug; what
could a user change the "this_slug" variable to that could be harmful? What
should you check / clean for the variable itself? I only used the delete
as a general example, so in any case, any time a variable is passed directly to
the controller, what should you do, if anything, to make sure it's not code
capable of damage / injection / disruption?

 

Dave
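
As an added illustration of the checks the replies in this thread are circling (not code from anyone in the thread), here is one way to write the action so the URL value is validated before it reaches the model and the delete is scoped to the logged-in owner; the Post model, its owner column, the CakePHP 1.x calls and the plain-PHP method check are assumptions:

```php
<?php
// Added example for this thread, not code from the original posts.
// Assumptions: CakePHP 1.x conventions, a Post model with an "owner" column,
// and AuthComponent loaded in AppController.
class PostsController extends AppController {

    // Accept only a strictly numeric id: digits, no sign, no whitespace,
    // no leading zeros. Anything else is rejected before it reaches the model.
    public static function isValidId($id) {
        return is_string($id) && preg_match('/^[1-9][0-9]*$/', $id) === 1;
    }

    // Accept only a lower-case URL slug: alphanumeric runs joined by single hyphens.
    public static function isValidSlug($slug) {
        return is_string($slug) && preg_match('/^[a-z0-9]+(?:-[a-z0-9]+)*$/', $slug) === 1;
    }

    public function delete($id = null) {
        // A destructive action should not run from a plain GET link; require POST
        // so a link a user is tricked into following does nothing.
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            $this->cakeError('error404');
            return;
        }
        // Shape check on the raw URL value itself.
        if (!self::isValidId($id)) {
            $this->cakeError('error404');
            return;
        }
        // Authorization: the record must belong to the logged-in user. Cake quotes
        // values placed in a conditions array, so the real risk is *which* record
        // the caller may touch, not the characters in the id.
        $owned = $this->Post->find('count', array(
            'conditions' => array(
                'Post.id' => $id,
                'Post.owner' => $this->Auth->user('id'),
            ),
        ));
        if ($owned !== 1) {
            // Same response whether the record is missing or belongs to someone
            // else, so the action does not reveal which ids exist.
            $this->cakeError('error404');
            return;
        }
        $this->Post->delete($id);
        $this->redirect(array('action' => 'index'));
    }
}
```

The two validators are what you would apply to any id or slug a route hands to a controller; the ownership query is the part that actually decides whether the delete is allowed.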

 

From: Tilen Majerle [mailto:tilen.maje...@gmail.com] 
Sent: December-11-10 12:08 PM
To: cake-php@googlegroups.com
Subject: Re: Passing Variable to delete

 

In your case, I would first check if the given id is the id of a record from some user,
and if it is, then delete it; otherwise don't delete it...
--
Tilen Majerle

http://majerle.eu





2010/12/11 Dave Maharaj <m...@davemaharaj.com>

When passing an id / slug through a URL for delete, are there any security
precautions to add?

 

Example

    function delete($id) {
        // Delete only if the row matches both the given id and the logged-in owner
        $this->Model->deleteAll(array(
            'Model.id' => $id,
            'Model.owner' => $this->Auth->user('id')
        ));
    }

 

So I pretty much always use deleteAll, so it's got multiple values checking
rightful owner / permission to delete, but I'm more curious about the passing
of the actual $id, since anyone can pass anything they want as an $id if they
want to get smart and mess with your site. So what should you do? Any added
precautions? Sanitize:: the slug / id?

 

Thanks,

Dave

 

 

Check out the new CakePHP Questions site http://cakeqs.org and help others
with their CakePHP related questions.
 
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscr...@googlegroups.com
<mailto:cake-php%2bunsubscr...@googlegroups.com>  For more options, visit
this group at http://groups.google.com/group/cake-php?hl=en
