Restrict action to only read/write rows that authenticated user has access to

stayradiated / volatile

A service for automating cryptocurrency trading.

https://volatile.co.nz

2 stars 4 forks source link

Open stayradiated opened 3 years ago

stayradiated commented 3 years ago

Currently actions are vulnerable to input manipulation and will execute with any existing UUID.

stayradiated commented 2 years ago

This is important, should be easy to fix as well.

stayradiated commented 2 years ago

This is a top priority.