I am on CakePHP 2.4 and I want to block access to a specific endpoint from un-authorized requests (not coming from my site). I believe a nonce is the right tool for this job. Does CakePHP offer support for this? I didn't find it in the docs, but perhaps I overlooked something.
Does CakePHP offer nonce support?
541 views Asked by emersonthis At
4
There are 4 answers
0
On
If the core does not provide an adapter for it then you'll have to write one yourself. How to do that is explained on the doc page you've linked in your question.
Or check https://github.com/ceeram/Authenticate, maybe the Token adapter is what you're looking for.
0
On
CakePHP 2.x does offer nonce support.
In the general web community this is a type of attack called CSRF or Cross Site Request Forgery.
To prevent this type of attack, you want to use the Security Component which has specific features to prevent this type of attack. The book has a lot more information in detail about using this feature.
0
On
Yes, it does. You can enable it app/Controller/AppController.php https://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#csrf-protection
public $components = array(
'Security' => array(
'csrfExpires' => '+1 hour'
)
);
CakePHP Security component http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html will automatically add nonce to its generated form to prevent CSRF attack.