[eluser]Peter Bowen[/eluser]
A logged-in user should only be able to access records (e.g. contacts, invoices, etc.) belonging to them.
The record id is passed from the view to the controller either in the URI as controller/method/[id] or as a hidden form field. This means that the record id is visible to a logged-in user.
Someone could log in and then try to guess the id and do horrible things. It would be difficult because it's a long random string, but that's not enough security.
Right now the owner's id is stored with each record. The model checks that the record belongs to the user before doing anything with it. This seems wasteful: an extra database call every time a record is read, updated or deleted.
Is there a better way to do it? I'd appreciate your thoughts.
Kind regards
Pete Bowen
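One way to avoid the extra call the post describes, shown here as an added example that is neither Pete's code nor CodeIgniter's: keep the owner_id column, but fold the ownership test into the same WHERE clause as the record lookup, so each read, update or delete is a single query that simply matches nothing when the record is not the current user's. The user ids, record ids and table below are constructed for the example; Python's sqlite3 stands in for the real database and framework.

```python
import sqlite3

# Constructed sample users and record ids for this example (not from the original post).
ALICE = "user-alice"
BOB = "user-bob"
ALICE_CONTACT = "f3a9c2e1-alice-contact"   # the "long random string" visible in the URI
BOB_CONTACT = "7b1d0e44-bob-contact"


def setup_db():
    """In-memory table with the owner stored alongside each record, as in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contacts ("
        "  id TEXT PRIMARY KEY,"
        "  owner_id TEXT NOT NULL,"
        "  name TEXT NOT NULL)"
    )
    # Index so owner-scoped queries stay cheap as the table grows.
    conn.execute("CREATE INDEX idx_contacts_owner ON contacts(owner_id)")
    conn.executemany(
        "INSERT INTO contacts (id, owner_id, name) VALUES (?, ?, ?)",
        [(ALICE_CONTACT, ALICE, "Alice's client"), (BOB_CONTACT, BOB, "Bob's client")],
    )
    conn.commit()
    return conn


def get_contact(conn, current_user_id, contact_id):
    """Read one record. current_user_id must come from the server-side session,
    never from the URI or a hidden form field, both of which the user controls."""
    # The ownership check is part of the SELECT itself: one round trip, no separate
    # "does this belong to the user?" query. A wrong id and a wrong owner both yield
    # None, so the response does not reveal whether the record exists at all.
    return conn.execute(
        "SELECT id, name FROM contacts WHERE id = ? AND owner_id = ?",
        (contact_id, current_user_id),
    ).fetchone()


def update_contact(conn, current_user_id, contact_id, new_name):
    """Update scoped to the owner. Returns rows changed: 1 on success,
    0 when the record is missing or belongs to someone else."""
    cur = conn.execute(
        "UPDATE contacts SET name = ? WHERE id = ? AND owner_id = ?",
        (new_name, contact_id, current_user_id),
    )
    conn.commit()
    return cur.rowcount


def delete_contact(conn, current_user_id, contact_id):
    """Delete scoped to the owner. Same 1/0 contract as update_contact."""
    cur = conn.execute(
        "DELETE FROM contacts WHERE id = ? AND owner_id = ?",
        (contact_id, current_user_id),
    )
    conn.commit()
    return cur.rowcount


def list_contacts(conn, current_user_id):
    """Listing is scoped the same way, so the view only ever renders the user's own ids."""
    rows = conn.execute(
        "SELECT id FROM contacts WHERE owner_id = ? ORDER BY id", (current_user_id,)
    )
    return [row[0] for row in rows]


def demo():
    """Bob, logged in, submits Alice's record id as if he had guessed it."""
    conn = setup_db()
    return {
        "alice_reads_own": get_contact(conn, ALICE, ALICE_CONTACT),
        "bob_reads_alice": get_contact(conn, BOB, ALICE_CONTACT),
        "bob_updates_alice": update_contact(conn, BOB, ALICE_CONTACT, "owned"),
        "bob_deletes_alice": delete_contact(conn, BOB, ALICE_CONTACT),
        "alice_still_intact": get_contact(conn, ALICE, ALICE_CONTACT),
        "bob_sees_only_his": list_contacts(conn, BOB),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model then treats a None result or a rowcount of 0 the same way in every case (typically a 404), whether the id was wrong or merely not the caller's, and the only trusted input is the user id taken from the session. In CodeIgniter's Active Record the same shape is an additional where('owner_id', ...) alongside the where('id', ...) before the get, update or delete, so no second query is issued.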