How do I secure my app?

Originally written by avantvision on 2009-02-08.

Hello, I have been trying for days to secure my app.

it is a simple project management app where users have nested resources

But I am suffering heavy security issues; I wonder if anyone can check it and try to fix the errors.

http://github.com/avantvision/botstart/tree/master

The main problem is that when changing the user ids, it shows me their projects, invoices, etc.

Like on /users/3/project: if I change to /users/1/project I am still able to see the records. I have read the permissions several times and tried to get it right, but still not able…

Thanks in advance for your attention.
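The symptom described above (changing the user id in the URL reveals another user's records) is a missing ownership check: the controller looks records up by the `:user_id` taken from the URL instead of scoping the query to the signed-in user. The following plain-Ruby example, added here and not taken from the botstart repository, contrasts the two patterns with a constructed in-memory project list; `current_user_id`, `NotAuthorized` and the `PROJECTS` data are assumptions for illustration.

```ruby
# Constructed in-memory stand-in for User.has_many :projects.
Project = Struct.new(:id, :user_id, :name)

PROJECTS = [
  Project.new(1, 1, "Alice's site"),
  Project.new(2, 1, "Alice's app"),
  Project.new(3, 3, "Carol's shop"),
].freeze

# Vulnerable pattern: the owner is taken from the URL (:user_id), so any
# signed-in user who edits /users/3/projects to /users/1/projects gets
# user 1's records. Equivalent Rails code: User.find(params[:user_id]).projects
def projects_for_url_user(params)
  PROJECTS.select { |p| p.user_id == params[:user_id].to_i }
end

class NotAuthorized < StandardError; end

# Fixed pattern: the query is always scoped to the authenticated user.
# The :user_id in the URL is only checked for consistency and is never
# used to choose whose records are returned.
# Equivalent Rails code: current_user.projects
def projects_for_current_user(current_user_id, params)
  raise NotAuthorized unless params[:user_id].to_i == current_user_id
  PROJECTS.select { |p| p.user_id == current_user_id }
end

# Same idea for a single record: look it up inside the owner's scope, so a
# foreign :id is simply not found rather than being served.
# Equivalent Rails code: current_user.projects.find(params[:id])
def project_for_current_user(current_user_id, params)
  scoped = projects_for_current_user(current_user_id, params)
  scoped.find { |p| p.id == params[:id].to_i } or raise NotAuthorized
end

if __FILE__ == $PROGRAM_NAME
  # User 3 tampering with the URL: the vulnerable lookup leaks user 1's data,
  # the scoped lookup refuses.
  puts projects_for_url_user(user_id: "1").map(&:name).inspect
  begin
    projects_for_current_user(3, user_id: "1")
  rescue NotAuthorized
    puts "request for /users/1/projects by user 3 rejected"
  end
end
```

The same scoping applies to invoices and every other nested resource: never call `find` on the unscoped model with an id from the request.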
