Security of CakePHP due to the conventions followed [closed]

Closed. This question is off-topic. It is not currently accepting answers.

Closed 11 years ago.

I want to know whether the conventions that are followed in CakePHP pose any kind of security vulnerability in the web app. As in, it is a convention to set id as the primary key in all the tables. So doesn't it provide a security vulnerability, as any attacker will know that id is the primary key in a particular table, so this information can be helpful to the attacker? Similarly, there are many other conventions that have to be followed, which basically make development using the framework very easy but may cause security issues in the app.


According to the OWASP security standards, security by obscurity is not a good way of developing securely. Therefore, even though the hacker knows that your primary keys are named "id", it shouldn't be an issue.

In fact, if the hacker is able to execute some sort of malicious SQL, he might as easily execute a describe table and know what the primary key is even if it is not named "id" :) I would rather focus on developing in such a way that no malicious scripts can be executed in the first place :)

What do you think?

Source: https://www.owasp.org/index.php/Category:Principle
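
Added example (not part of the original question or answer, and not CakePHP's own code): a plain PDO script with an in-memory SQLite table whose primary key is deliberately not named `id`, comparing a concatenated lookup with a bound-parameter lookup. The table, the column name `zq_rowkey`, the function names and the sample rows are all constructed for illustration.

```php
<?php
// Constructed demo data; table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The primary key is deliberately NOT called "id", to test whether obscurity helps.
$pdo->exec('CREATE TABLE users (zq_rowkey INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (zq_rowkey, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Unsafe: request input is concatenated into the SQL text and parsed as SQL.
function findUserUnsafe(PDO $pdo, string $input): array
{
    $sql = 'SELECT name FROM users WHERE zq_rowkey = ' . $input;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the input is validated as an integer, then bound as a parameter,
// so it is only ever treated as a value, never as SQL.
function findUserSafe(PDO $pdo, string $input): array
{
    if (filter_var($input, FILTER_VALIDATE_INT) === false) {
        return []; // keys are integers; reject anything else
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE zq_rowkey = :key');
    $stmt->bindValue(':key', (int) $input, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Textbook tautology input: note that it contains no column name at all.
$hostile = '0 OR 1=1';

echo 'unsafe, normal input:  ', json_encode(findUserUnsafe($pdo, '2')), PHP_EOL;
echo 'unsafe, hostile input: ', json_encode(findUserUnsafe($pdo, $hostile)), PHP_EOL;
echo 'safe, normal input:    ', json_encode(findUserSafe($pdo, '2')), PHP_EOL;
echo 'safe, hostile input:   ', json_encode(findUserSafe($pdo, $hostile)), PHP_EOL;
```

With the hostile input, the concatenated query returns every row even though the key has an unusual name, while the bound version returns nothing; the difference comes from how the query is built, not from what the column is called.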
