Protection Against Form Modification
Learn about user and role protection, the issues we'll face, make design decisions, and learn to write request tests for the user and role protection.
We'll cover the following...
Preventing form modification
There is at least one blind spot in the user and role protection. The project show page has a form that submits a new task. That form is submitted to the TasksController, which doesn’t handle any user-access control. The use case here is a malicious user not going through the web UI but rather creating ...