I want to know whether the conventions that are followed in cake php poses any kind of security vulnerability in the web app.
As in it is a convention to set id as the primary key in all the tables.So doesn’t it provide a security vulnerability as any attacker will be knowing that id is the primary key in a particular table so this information can be helpful to the attacker.Similarly there are many other conventions that have to be followed which basically makes development using the framework very easy but may cause security issues in the app.
I want to know whether the conventions that are followed in cake php poses
Share
According to the OWASP security standards … security by obscurity is not a good way of developing securely. Therefore even though the hacker knows that your primary keys are named “id” .. it shouldn’t be an issue.
In fact if the hacker is able to execute some sort of malicious SQL he might as easily execute a describe table and know what the primary key is even if it is not named “id” 🙂 … I would rather focus on developing in such a way where no malicious scripts can be executed in the first place 🙂
What do you think?
Source: https://www.owasp.org/index.php/Category:Principle