A while ago I wrote about how to have a production setup on a shared host. An insightful comment from CraZyLeGs pointed out that the same idea could be extended (on either a shared or dedicated machine) to allow multiple applications to be installed on the same server, and to have multiple parallel versions of cake installed as well. For some time, and in reality probably since before the time of writing the initial post, I have been doing exactly that, and as it's come up in discussion a few times, here's an explanation of exactly how to have multiple applications with multiple cake installations, and mix and match them however you like. First I'll explain where files go, and then show the index.php file that allows you to make it work.
Over time I have become more and more interested in (concerned with?) the security aspects of web development, and lately I've been looking at defense tactics against CSRF-type attacks. To put CSRF into layman's terms using a typical example, it's an exploitation of sites where the only means of checking whether or not to do something is to check if the request came from a logged-in user. To put it more technically, it's exploiting a site that has no capability-based security.
The use of form tokens, to ensure that a form request is genuine, is an example of capability-based security, and that's exactly what Cake's security component does for you. However, if a controller action requires only URL parameters to execute, then unless steps have been taken, this action will still succeed if the URL is simply typed into the address bar of a browser. This means the code is not HTTP safe and is susceptible to CSRF attacks. With only a few changes to your application code it is possible to eliminate this risk.
Hurray, it's the middle of summer and obviously, like most people, I am quite focused on testing code. What? You mean that isn't a typical summer activity :D?
I've written a few tests with the CakePHP test suite now and can safely say that after you have written your first one, it's very easy to write another. One thing that is a great help, but not so clear how to do, is debugging a test while you are writing it. So here are a couple of tips on the topic.










