Seerden / Rack
Exercise tracking
Protect routes and queries #26
Open
Seerden opened 2 years ago
Seerden commented 2 years ago
Data should be bound and only accessible to the user that owns it.
- Implement middleware to disallow reading or writing data that doesn't belong to the user making the request.
- Do a once-over to check that we only insert ids into database queries using session values, not using request information.
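An added example (not code from the Rack repository) of the two checks the issue asks for, written as Express-style middleware in JavaScript. The `workouts` table and its columns, the `req.session.user_id` field, and every function name here are assumptions.

```javascript
// Constructed sample rows; the table and column names are assumptions.
const workouts = [
  { workout_id: 1, user_id: 10, name: "push day" },
  { workout_id: 2, user_id: 20, name: "leg day" },
];

// Stand-in for: select * from workouts where workout_id = $1 and user_id = $2
function findWorkout(workout_id, user_id) {
  return workouts.find((w) => w.workout_id === workout_id && w.user_id === user_id) ?? null;
}

// Express-style middleware (assumed stack): the owner id comes only from the session.
function requireOwnedWorkout(req, res, next) {
  const user_id = req.session?.user_id;
  if (user_id == null) return res.status(401).json({ error: "not logged in" });
  const workout_id = Number(req.params.id);
  if (!Number.isInteger(workout_id)) return res.status(400).json({ error: "bad id" });
  // The lookup is scoped by user_id, so another user's row and a missing row both give 404.
  const workout = findWorkout(workout_id, user_id);
  if (!workout) return res.status(404).json({ error: "not found" });
  req.workout = workout;
  return next();
}

// Write path: req.body.user_id is never read; the owner is always the session user.
function buildWorkoutInsert(req) {
  return {
    text: "insert into workouts (user_id, name) values ($1, $2)",
    values: [req.session.user_id, req.body.name],
  };
}

// Minimal response double so the middleware runs without a server.
function fakeRes() {
  return {
    statusCode: 200,
    status(code) { this.statusCode = code; return this; },
    json(body) { this.body = body; return this; },
  };
}

// Runs the middleware for a session and id; reports status and whether the handler would run.
function check(session, id) {
  const req = { session, params: { id: String(id) } };
  const res = fakeRes();
  let passed = false;
  requireOwnedWorkout(req, res, () => { passed = true; });
  return { status: res.statusCode, passed };
}
```

Returning 404 instead of 403 for a row owned by someone else keeps the response identical to that for a nonexistent id, so ids cannot be enumerated through the status code.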