Displaying 1 result from an estimated 1 matches for "oelker".
Did you mean:
felker
2005 Mar 05
9
Best practice to manage ''id'' hacking?
In my app, a user logs in [via the login generator] and has access to
details of his account, and transactions attached to his account.
This is achieved in the standard rail manner by passing the account id
or transaction id between the controller and the view.
But what is to stop someone hacking the URL or view html to access
another account id or transaction id ?
eg /account/show/46 becomes