Best way to control access to functions in CakePHP

Simple question: what is the best way to ensure that a function is only being called from inside my app? I just want to make sure that nobody could just type in the url and run it.

I've thought about using Auth, but I really don't need username/password protection. Then I thought about private/protected functions, but I've read that CakePHP doesn't handle with that very well. And if I use private, as an example, I wouldn't be able to call the protected function from another controller class.

I think there must be a simply solution to this, but I can't think of one.

Thank开发者_开发百科 you all in advance. :)

if you have functions that are been used in different controllers, it would be better if you create a component.

But.... if you really need to.. if you really want to.. you could set the access by adding an underscore at the beginning of your method's name:

class ProductsController extends AppController {

     // a browser can "access" this method
     function iHaveAView(){
     }

     // this method is used only by controllers
     function _cantTouchMe(){
     }

Good Luck

EDITED: (finally found the doc about this)

You can also change the visibility of controller methods in CakePHP by prefixing controller method names with underscores. If a controller method has been prefixed with an underscore, the method will not be accessible directly from the web but is available for internal use.

source: Controller Conventions

I think it's simple don't put the function as an action of a controller. Create a component and use that when you need it.

That would make your function unavailable to the public but available within your app.

What do you think?