validating access by url |
Hi all,
I have a multiuser application and the user can access to http://myapp/bills/edit/1 to edit the bill with id 1. Looking at that url the user can modify it to http://myapp/bills/edit/2 to edit the bill with id 2 But maybe the bill with id 2 belongs to another user!! there is a way to control that kind of accesses?? maybe with any configuration? To check it in database will be a lot of work (I have several controllers) Thanks in advance My apologies if it's a duplicated thread ... |
Messages In This Thread |
validating access by url - by icbr - 08-28-2017, 07:28 AM
RE: validating access by url - by donpwinston - 08-28-2017, 09:41 AM
RE: validating access by url - by icbr - 08-31-2017, 02:47 AM
RE: validating access by url - by PaulD - 08-31-2017, 11:33 AM
|