
How do I secure all the admin actions in all controllers in cakePHP

I am developing an application using cakePHP v 1.3 on windows (XAMPP).

Most of the controllers are baked with the admin routing enabled. I want to secure the admin actions of every controller with a login page. How can I do this without repeating much?

One solution to the problem is that "I check for login information in the admin_index action of every controller" and then show the login screen accordingly.

Is there any better way of doing this?

The default URL to admin (http://localhost/app/admin) is pointing to the index_admin action of users controller (created a new route for this in routes.php file).


Use the Authentication component. You can set it up just for admin routes with something like this:

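// AppController::beforeFilter
function beforeFilter() {
    // Only requests routed through the admin prefix are affected
    if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
        // Require a logged-in user for every action under the prefix
        $this->Auth->deny('*');
        // ... (remaining Auth setup elided in the original answer)
    }
}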

Checking only in the index actions is pointless, that's just obscurity, not security. The AuthComponent will check permissions for every single page load.
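A fuller AppController along the lines of the answer above, as an added example that is not part of the original answer or of CakePHP itself. It assumes CakePHP 1.3 with the `admin` routing prefix enabled and a UsersController that has a non-prefixed `login()` action; those controller and action names are assumptions.

```php
<?php
// app/app_controller.php (CakePHP 1.3) - added example, not the answerer's code.
// Assumed: UsersController::login() exists outside the admin prefix.
class AppController extends Controller {
    // Loading Auth here makes it run before every action of every controller.
    var $components = array('Auth', 'Session');

    function beforeFilter() {
        // The login form must live outside the protected prefix so that
        // unauthenticated visitors can reach it.
        $this->Auth->loginAction = array(
            'admin' => false, 'controller' => 'users', 'action' => 'login'
        );
        // After a successful login, go to the admin landing page
        // (the users controller's admin index, as routed in the question).
        $this->Auth->loginRedirect = array(
            'admin' => true, 'controller' => 'users', 'action' => 'index'
        );

        $isAdmin = isset($this->params['prefix'])
            && $this->params['prefix'] == 'admin';

        if ($isAdmin) {
            // Every admin_* action, not just admin_index, needs a session.
            // Requesting /admin/<controller>/<action> directly is caught too.
            $this->Auth->deny('*');
        } else {
            // AuthComponent denies by default, so public pages are opened
            // explicitly; nothing under the admin prefix is.
            $this->Auth->allow('*');
        }
    }
}
```

A controller that defines its own `beforeFilter()` has to call `parent::beforeFilter()` in it, otherwise this check never runs for that controller's admin actions.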
