Thursday, October 13, 2011

Re: passing post_id to comments

You're right that someone could change the value using Firebug. To
prevent this you should use Cake's Security Component. If you use the
Security Component and the Form Helper to create your forms, Cake will
automagically add a hidden field containing a hash of your fields and
the values of hidden fields. If an attacker changes the value of a
hidden field or adds/deletes a field, Cake will recognize it and stop
further processing.

Have a look at the Cookbook (for Cake 2.0)
http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html?highlight=security#SecurityComponent

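The mechanism described in the reply above, reduced to a self-contained PHP sketch. This is an added example, not part of the original post and not CakePHP's own code; the function names, the `_token` field name and the secret are assumptions made for the illustration.

```php
<?php
// Conceptual sketch only; CakePHP's SecurityComponent differs in detail.
const SECRET = 'constructed-demo-secret'; // stands in for an app-wide secret

// HMAC over the sorted field names plus the values of the hidden fields.
function digest(array $fieldNames, array $hidden): string
{
    sort($fieldNames);
    ksort($hidden);
    $hidden = array_map('strval', $hidden); // POST data always arrives as strings
    return hash_hmac('sha256', json_encode([$fieldNames, $hidden]), SECRET);
}

// When rendering the form: value for the extra hidden "_token" field.
function makeToken(array $fieldNames, array $hidden): string
{
    return digest($fieldNames, $hidden) . ':' . implode('|', array_keys($hidden));
}

// On submit: recompute the hash from the received data and compare.
function verify(array $post): bool
{
    $token = $post['_token'] ?? '';
    unset($post['_token']);
    if (!is_string($token) || strpos($token, ':') === false) { return false; }
    [$mac, $names] = explode(':', $token, 2);
    $hiddenNames = $names === '' ? [] : explode('|', $names);
    $hidden = [];
    foreach ($hiddenNames as $name) {
        if (!isset($post[$name]) || !is_string($post[$name])) { return false; }
        $hidden[$name] = $post[$name];
    }
    return hash_equals(digest(array_keys($post), $hidden), $mac);
}

// Constructed sample: a comment form with a hidden post_id and a body field.
$token = makeToken(['post_id', 'body'], ['post_id' => 42]);
$ok = ['post_id' => '42', 'body' => 'Nice post', '_token' => $token];
$cases = [
    'unchanged form' => $ok,
    'post_id edited' => ['post_id' => '7'] + $ok,
    'field added'    => $ok + ['is_admin' => '1'],
    'field deleted'  => array_diff_key($ok, ['body' => 1]),
];
foreach ($cases as $label => $post) {
    printf("%-16s %s\n", $label, verify($post) ? 'accepted' : 'rejected');
}
```

The value of an ordinary input such as `body` is deliberately left out of the hash, since the user is expected to change it; only the set of field names and the hidden values are bound to the token.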
