开发者

How do I secure all the admin actions in all controllers in cakePHP

开发者 https://www.devze.com 2022-12-30 06:51 出处:网络
I am developing an application using cakePHP v 1.3 on windows (XAMPP). Most of the controllers are baked with the admin routing enabled. I want to secure the admin actions of every controller with a

I am developing an application using cakePHP v 1.3 on windows (XAMPP).

Most of the controllers are baked with the admin routing enabled. I want to secure the admin actions of every controller with a login page. How can I do this without repeating much ?

One solution to the problem is that "I check for login information in the admin_index action of every controller" and then show the login screen accord开发者_如何学运维ingly.

Is there any better way of doing this ?

The detault URL to admin (http://localhost/app/admin) is pointing to the index_admin action of users controller (created a new route for this in routes.php file)


Use the Authentication component. You can set it up just for admin routes with something like this:

// AppController::beforeFilter
function beforeFilter() {
    if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
        $this->Auth->deny('*');
        ...
    }
}

Checking only in the index actions is pointless, that's just obscurity, not security. The AuthComponent will check permissions for every single page load.

0

精彩评论

暂无评论...
验证码 换一张
取 消