php - Security For URL'S Laravel 5.1 -
i developing application in laravel 5.1, have multiple users have different permits , when log in can edit example account , route app/user/1/edit if user change id app/user/2/edit can edit information of other user, there way protect url? :d
one of solutions putting middleware on route , comparing logged users id 1 in url (for routes actually, viewing, editing etc)
1 using user/edit instead , getting id directly session data, , recommend
of course still have make sure nobody can post id, middleware or getting user id session instead of post save
Comments
Post a Comment