CakePHP 3 Tutorial 20: Obscure URLs

Submitted by naidim on Thu, 10/27/2016 - 09:33

By default, CakePHP uses each record's unique id in the URL used to view it, for example http://hostname/application/model/view/6. This is simple and convenient, except when you want an anonymous user to be able to add and view their own record without anyone else being able to view it. Another user could simply iterate the id field and view all records in the table.

Obscurity is not real security, but can be enough in some instances, and is slightly better than no security at all.
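
The difference between the two URL schemes, as an added example in plain PHP that is not the tutorial's own code. The RecordStore class, its method names and the 16-byte random token are assumptions made for illustration, not CakePHP APIs or the method this tutorial uses.

```php
<?php
// Added example in plain PHP 7.1+; class and method names are hypothetical,
// not CakePHP APIs. The three records below are constructed sample data.

final class RecordStore
{
    private $rows = [];     // id => row, id assigned like an auto-increment column
    private $byToken = [];  // token => id, the index used for public lookups
    private $nextId = 1;

    // Insert a record and return the token to place in its URL.
    public function add(string $body): string
    {
        $id = $this->nextId++;
        $token = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
        $this->rows[$id] = ['id' => $id, 'token' => $token, 'body' => $body];
        $this->byToken[$token] = $id;
        return $token;
    }

    // Default-style lookup (/model/view/{id}): every integer in range hits a row.
    public function viewById(int $id): ?array
    {
        return $this->rows[$id] ?? null;
    }

    // Obscured lookup (/model/view/{token}): only a well-formed, known token hits.
    public function viewByToken(string $token): ?array
    {
        if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
            return null;
        }
        $id = $this->byToken[$token] ?? null;
        return $id === null ? null : $this->rows[$id];
    }
}

$store = new RecordStore();
$tokens = array_map([$store, 'add'], ['alice entry', 'bob entry', 'carol entry']);

$byId = $byGuess = 0;
foreach (range(1, 10) as $n) {
    $byId += $store->viewById($n) !== null ? 1 : 0;
    $byGuess += $store->viewByToken((string) $n) !== null ? 1 : 0;
}
printf("ids 1-10: %d of 3 records readable by id, %d by guessed token\n", $byId, $byGuess);
printf("owner link: /model/view/%s -> %s\n", $tokens[0], $store->viewByToken($tokens[0])['body']);
```

The token only hides the record's address: anyone who obtains the link can still open the record, which is the limit the obscurity caveat above refers to.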