Friday, August 8, 2014

Re: GET or POST

You should check the ACL in the edit controller action before actually doing anything

/thomas


On 08 Aug 2014, at 22:33, Steve Thomas <smt9964@gmail.com> wrote:

All the manager would have to do is change the id in the address bar to access another user. Possibly a user from a different company which they shouldn't be able to access.  
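The check Thomas describes, written out as an added example (not code from either poster): a hypothetical edit action that evaluates the ACL before it does anything else, for GET and POST alike, so the id taken from the address bar can only reach records the session user is allowed to edit. The `User` model, the in-memory `USERS` table and the `can_edit` rule are constructed for the example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class User:
    id: int
    company_id: int
    name: str
    is_manager: bool = False


# Constructed sample data: two companies, one manager in company 10.
USERS = {
    1: User(1, 10, "Alice", is_manager=True),
    2: User(2, 10, "Bob"),
    3: User(3, 20, "Carol"),
}


class Forbidden(Exception):
    """Raised when the ACL denies access; the web layer maps it to HTTP 403."""


def can_edit(actor: User, target: User) -> bool:
    """Hypothetical ACL rule: users may edit themselves; managers may edit
    users of their own company only. Cross-company access is always denied."""
    if actor.id == target.id:
        return True
    return actor.is_manager and actor.company_id == target.company_id


def edit_action(method: str, actor_id: int, target_id: int, form=None) -> dict:
    """Edit controller action. The ACL check runs first, before the form is
    rendered (GET) or the record is changed (POST), so switching the id in
    the URL cannot reach another company's user by either method."""
    actor = USERS[actor_id]        # the authenticated session user
    target = USERS.get(target_id)  # the id from the address bar: untrusted
    # Missing and forbidden records get the same answer, so a manager
    # cannot probe which ids exist in other companies.
    if target is None or not can_edit(actor, target):
        raise Forbidden(f"user {actor_id} may not edit user {target_id}")
    if method == "GET":
        return {"form": {"name": target.name}}
    if method == "POST":
        updated = replace(target, name=form["name"])
        USERS[target_id] = updated
        return {"saved": updated.name}
    raise ValueError(f"unsupported method {method}")
```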
