Sunday, 30 August 2020

Restrict HTTP access in CakePHP

I have a Controller class that extends from AppController in CakePHP. This Controller class has a public function, let's say testFunc():

    class xyzController extends AppController {
          // ... other controller code ...

          // Public so that another controller can call it
          public function testFunc($params, $auth_username)
          {
                 // ... function body ...
          }
    }

I have made this function public since I need to call it from another Controller that also extends AppController.

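    class abcController extends AppController {
          // ... other controller code ...

          public function callingFunc()
          {
                 // ... code that sets $params and $username ...

                 // Instantiate the other controller directly and call its public method
                 $controller = new xyzController($this->request, $this->response);
                 $controller->testFunc($params, $username);
          }

          // ... other controller code ...
    }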

But since I made it public, I see that testFunc() is accessible using a curl command for the HTTPS path below:

https://[ip_address]/xyz/testFunc/arg=test/root

As you can see, the above path passes "root" as an argument to testFunc() and gives full access to anyone using the above path in a curl command.

My requirement is to remove this security issue.

I am totally new to PHP and CakePHP. Can someone please give any pointers on how I can proceed?
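
An added example, not part of the original post and not CakePHP code: a plain-PHP model of one way to close the hole described above, in which the shared logic moves out of any controller and the username comes from the server-side session instead of the URL. `XyzService`, `dispatch()` and the `$session` array are hypothetical stand-ins for the framework's routing and authentication.

```php
<?php
// Added example: simplified stand-in for a framework dispatcher (assumption, not CakePHP).

// Shared logic lives in a plain class. It is not a controller, so no URL maps to it.
class XyzService
{
    public function testFunc(string $params, string $username): string
    {
        return "ran '$params' as $username";
    }
}

class AbcController
{
    private $session;

    public function __construct(array $session)
    {
        $this->session = $session;
    }

    // Routable action: the only request-supplied value is $params.
    public function callingFunc(string $params = ''): string
    {
        // Identity comes from the server-side session, never from a URL segment.
        if (empty($this->session['username'])) {
            return '403 Forbidden';
        }
        return (new XyzService())->testFunc($params, $this->session['username']);
    }
}

// Hypothetical dispatcher: /controller/action/arg... becomes a public method call.
function dispatch(string $path, array $session): string
{
    $parts  = array_values(array_filter(explode('/', $path), 'strlen'));
    $class  = ucfirst($parts[0] ?? '') . 'Controller';
    $action = $parts[1] ?? 'index';
    // Reject unknown controllers, magic/underscore methods and non-public methods.
    if (!class_exists($class) || $action[0] === '_'
        || !is_callable([new $class($session), $action])) {
        return '404 Not Found';
    }
    return (new $class($session))->$action(...array_slice($parts, 2));
}

// Constructed sample requests: the old URL, an anonymous call, a logged-in call.
echo dispatch('/xyz/testFunc/arg=test/root', []), "\n";
echo dispatch('/abc/callingFunc/arg=test', []), "\n";
echo dispatch('/abc/callingFunc/arg=test', ['username' => 'alice']), "\n";
```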



