Open ghost opened 6 years ago
Hi! Thank you for the feature request. I'm not sure how soon it will happen, but something like this will definitely be added in the (hopefully) near future!
I think this general class of vulnerability is one of the more common issues in Phoenix applications.
This would be useful, but only if you can ignore specific changesets somehow.
👋
Not particularly phoenix related, but is it possible to catch if foreign keys can be set from `params` passed in by a user through a controller action? Abusing different ecto `cast`s down the line (up the stack?) allows attackers to modify resources that don't belong to them.
I've seen many phoenix projects do something like this
As a possible solution / suggestion:
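An added sketch of the kind of check this issue asks for, not code from the issue, its author's suggestion, or the project: it parses Elixir source with the standard library and flags `cast` calls whose permitted list contains a field ending in `_id`. The module name `CastFkCheck`, the `_id` heuristic, the `ignore` option (echoing the comment about skipping specific changesets) and the sample module are assumptions.

```elixir
defmodule CastFkCheck do
  # Assumption: a field counts as a foreign key when its name ends in "_id"
  # (the belongs_to default). This is a heuristic, not schema introspection.
  defp fk?(f), do: is_atom(f) and String.ends_with?(Atom.to_string(f), "_id")

  # Returns [{function, line, fk_fields}] for every cast call whose permitted
  # list names a foreign key. Functions listed in `ignore` are skipped.
  def scan(source, ignore \\ []) do
    for {kind, _, [head, body]} <- Macro.prewalker(Code.string_to_quoted!(source)),
        kind in [:def, :defp],
        name = fun_name(head),
        name not in ignore,
        node <- Macro.prewalker(body),
        {meta, args} <- [cast_call(node)],
        fks = Enum.filter(permitted(args), &fk?/1),
        fks != [] do
      {name, meta[:line], fks}
    end
  end

  defp fun_name({:when, _, [head | _]}), do: fun_name(head)
  defp fun_name({name, _, _}), do: name

  # Local `cast(...)` (also the right-hand side of a pipe) and `Mod.cast(...)`.
  defp cast_call({:cast, meta, args}) when is_list(args), do: {meta, args}
  defp cast_call({{:., _, [_, :cast]}, meta, args}) when is_list(args), do: {meta, args}
  defp cast_call(_), do: nil

  # Permitted fields: first literal list argument, or a ~w(...)a sigil.
  defp permitted(args) do
    Enum.find_value(args, [], fn
      list when is_list(list) -> list
      {:sigil_w, _, [{:<<>>, _, [words]}, [?a]]} when is_binary(words) ->
        words |> String.split() |> Enum.map(&String.to_atom/1)
      _ -> nil
    end)
  end
end

# Constructed sample input (hypothetical schema module, not from any project).
sample = ~S"""
defmodule Blog.Post do
  def changeset(post, attrs) do
    post |> cast(attrs, [:title, :body, :user_id])
  end
  def admin_changeset(post, attrs), do: cast(post, attrs, ~w(title user_id org_id)a)
end
"""
IO.inspect(CastFkCheck.scan(sample))
IO.inspect(CastFkCheck.scan(sample, [:admin_changeset]))
```

Permitted lists built at runtime (module attributes, concatenated lists) are not literal in the AST and are not seen by this check.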