How do I secure my app?
Originally written by avantvision on 2009-02-08.
Hello, I have been trying for days to secure my app.
It is a simple project management app where users have nested resources.
But I am suffering heavy security issues; I wonder if anyone can check it and try to fix the errors.
The main problem is that changing the id of the user shows me their projects, invoices, etc.,
like on /users/3/project: if I change it to /users/1/project I am still able to see the records. I have read the permissions several times and tried to get it right, but I am still not able…
Thanks in advance for your attention.
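
The behaviour described in the post, shown beside an owner-scoped lookup, as an added example that is not part of the original post and not tied to the poster's framework. It is plain Ruby with constructed data; `current_user`, `params`, and all method names are assumptions standing in for the session user and the URL parameters.

```ruby
# Constructed sample data: every project belongs to exactly one user.
User    = Struct.new(:id, :name)
Project = Struct.new(:id, :user_id, :name)

PROJECTS = [
  Project.new(1, 1, "Website redesign"),
  Project.new(2, 1, "Invoice importer"),
  Project.new(3, 3, "Mobile app")
].freeze

class Forbidden < StandardError; end

# Vulnerable form: the owner is taken from the URL segment alone, so
# editing /users/3/project to /users/1/project returns user 1's records.
def projects_unscoped(params)
  PROJECTS.select { |p| p.user_id == Integer(params[:user_id]) }
end

# Hardened form: the id in the URL must match the authenticated user
# before any record is loaded. The check lives on the server side and
# does not depend on which links the page happens to render.
def projects_scoped(current_user, params)
  requested = Integer(params[:user_id])
  unless current_user && current_user.id == requested
    raise Forbidden, "user #{current_user&.id.inspect} may not read user #{requested}"
  end
  PROJECTS.select { |p| p.user_id == requested }
end

# Single-record lookup goes through the same owner scope, so a valid
# project id that belongs to someone else is refused as well.
def find_project(current_user, params)
  wanted = Integer(params[:id])
  projects_scoped(current_user, params).find { |p| p.id == wanted } or
    raise Forbidden, "project #{wanted} is not owned by user #{current_user.id}"
end

# Helper for demonstrations: true when the block is refused.
def forbidden?
  yield
  false
rescue Forbidden
  true
end
```

The same rule applies to every nested resource (invoices and so on): load the record through the authenticated user's own collection rather than through the id supplied in the path.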