Log message #4226909

# At Username Text
# Feb 13th 2020, 14:21 noel @rightscoreanalysis you can't. You have to limit their privileges based on their user type. But you can't stop them doing something they are authorised to do. What would be the point?
# Feb 13th 2020, 14:21 challgren @rightscoreanalysis https://book.cakephp.org/4/en/controllers/components/security.html
# Feb 13th 2020, 14:21 rightscoreanalysis @noel yes I see your point. So how can we prevent someone who is authorised from posting to the backend?
# Feb 13th 2020, 14:18 challgren No, that really depends on your requirements, what you have protected and what you don't
# Feb 13th 2020, 14:18 sebastian.krzewinski. its something wrong?
# Feb 13th 2020, 14:17 challgren If that's what you want.
# Feb 13th 2020, 14:17 sebastian.krzewinski. but only for home and pages
# Feb 13th 2020, 14:17 sebastian.krzewinski. i think about this: $this->Authentication->addUnauthenticatedActions(['index', 'view']);
# Feb 13th 2020, 14:16 challgren @sebastian.krzewinski. see https://book.cakephp.org/4/en/tutorials-and-examples/cms/authentication.html near `In your UsersController, add the following code:`
# Feb 13th 2020, 14:14 noel @rightscoreanalysis for that to happen, the authorised user would be the hacker and would be hacking his own session... which isn't what CSRF protection is designed to prevent.
# Feb 13th 2020, 14:07 sebastian.krzewinski. how to create login to /admin not only form functions like add edit
# Feb 13th 2020, 13:50 sebastian.krzewinski. good to know
# Feb 13th 2020, 13:50 challgren It will be more updated than a pdf you save
# Feb 13th 2020, 13:50 challgren Use the website
# Feb 13th 2020, 13:49 sebastian.krzewinski. copying from pdf doc is terrible
# Feb 13th 2020, 13:49 sebastian.krzewinski. ok i see
# Feb 13th 2020, 13:48 challgren @sebastian.krzewinski. need a space there
# Feb 13th 2020, 13:47 sebastian.krzewinski. he?
# Feb 13th 2020, 13:47 sebastian.krzewinski. https://i.imgur.com/6UMRZKi.png
# Feb 13th 2020, 13:46 slackebot have a form?
# Feb 13th 2020, 13:46 rightscoreanalysis I am using the CRUD plugin, the book recommends to protect against CSRF for ajax requests by adding the token found in the hidden field of the form to the request header. But what is to stop someone up to no good from viewing the source of the form and copying the token and adding it to a request in something like Postman - I don't see how the request is not open to anyone with the token? Also what about get requests which do not
# Feb 13th 2020, 12:36 sebastian.krzewinski. now i figured how is work connection controller with actions and if i link a button with simply action like "add" there will be working everywhere
# Feb 13th 2020, 12:31 sebastian.krzewinski. i know i know. its stupid for you but still learning this framework
# Feb 13th 2020, 12:30 noel Any idea what's causing this: `Aura\Intl\Exception: Package 'cake' with locale 'en_US' is not registered. in /vendor/aura/intl/src/Aura/Intl/PackageLocator.php`
# Feb 13th 2020, 12:22 challgren Is it a remote? I have ones of those!
# Feb 13th 2020, 12:18 slackebot Action: admad wonders what the "universal button" does, is it as powerful as Thanos' snap?
# Feb 13th 2020, 11:52 pieceof thx sz
# Feb 13th 2020, 11:52 sebastian.krzewinski. @dereuromark i solved it
# Feb 13th 2020, 11:52 dereuromark I never use the magic methods, they kill all IDE support^^
# Feb 13th 2020, 11:52 neon1024 @pieceof Just append `->select()`?
# Feb 13th 2020, 11:52 dereuromark @sebastian.krzewinski. what is a universal button?
# Feb 13th 2020, 11:51 pieceof is it possible to add fields[] to `$users->findTrollsByUsername('bro');` by design ?
# Feb 13th 2020, 11:46 sebastian.krzewinski. I have a question, there is possible to do universal button from add function?
# Feb 13th 2020, 11:36 damiano yeah i found them too (soyoustart)
# Feb 13th 2020, 11:36 admad @damiano if you are in EU OVH has cheap VPS with free Plesk
# Feb 13th 2020, 11:30 damiano thanks @javier.villanueva
# Feb 13th 2020, 11:27 javier.villanueva I recommend you https://uberspace.de/en/
# Feb 13th 2020, 11:17 damiano it is a website, it is not for dev purpose
# Feb 13th 2020, 11:16 damiano @dereuromark yeah it must run 24/7
# Feb 13th 2020, 11:16 damiano thanks @challgren i am looking at their website
# Feb 13th 2020, 11:16 conehead Getting 500..not even receiving a `die("foo")` from the index.php file. When removing the last rewrite rule, I can see the die message