http - Sending a PATCH request to a object that the user does not own -


i'm developing app has frontend , backend component. use jwt tokens authorize network requests.

during development, realize patch route 1 of model objects can patch object account.

i can change data @ url "<some-host>/orders/149" if current user doesn't own data.

this feels insecure, , i'm not fluent backend stack. guy responsible backend junior (fresh out of bootcamp).

i'm wondering if can validation based on jwt token check if user eligible change data.

any other advice appreciated!


-

Comments

Post a Comment

Popular posts from this blog

qt - QML MouseArea onWheel event not working properly when inside QML Scrollview -

i have mousearea inside scrollview inside rectangle . implemented zoom feature zooms in/out when pressing ctrl , scrolling mouse wheel. however, zooms in when scrollview way @ top, , zooms out when scrollview way @ bottom. there additional logic handle external drag , drop of files. issue should able replicated long text inside textedit big enough scrollview . apparently bug before, can't work properly. tried solution in following link: qtquick2: handle onwheel event inside of scrollview rectangle { id: palgenrectangle layout.minimumwidth: 50 property string display //width:800 color: "white" scrollview { id: palgentextscrollview anchors.fill: parent mousearea { id: mousearea anchors.fill: parent onwheel: { if (wheel.modifiers & qt.controlmodifier){ if (wheel.angledelta.y > 0) { mainte...
Read more

java - is not an enclosing class / new Intent Cannot Resolve Constructor -

thanks checking out question! i have relativly ismple loop add onclicklistener each imageview add layout, when trying add new intent it, gives me 1 of following errors: string[] imageurls = imageurlsstring.split("/"); (int = 0; < imageurls.length; i++){ imageview image = new imageview(this); image.setlayoutparams(new android.view.viewgroup.layoutparams(getpx(182),getpx(256))); image.setpadding(getpx(3),getpx(3),getpx(3),getpx(3)); final string imageurl = ".../images/" + imageurls[i]; picasso.with(this).load(imageurl).into(image); image.setonclicklistener(new view.onclicklistener() { @override public void onclick(view view) { intent intent; intent = new intent(this, imageactivity.class); intent.putextra("url", imageurl); startactivity(intent); } }); linearlayout.addview(image)...
Read more

python - Error importing VideoFileClip from moviepy : AttributeError: 'PermissionError' object has no attribute 'message' -

i'm using jupyter notebook. have tried anaconda console well. tried importing both ways shown below from moviepy.editor import videofileclip moviepy.video.io.videofileclip import videofileclip both of them gave me same error. full trace below attributeerror traceback (most recent call last) <ipython-input-10-9afa9d6e87c4> in <module>() 6 import glob 7 import math ----> 8 moviepy.editor import videofileclip 9 moviepy.video.io.videofileclip import videofileclip c:\program files\anaconda3\lib\site-packages\moviepy\editor.py in <module>() 20 # clips 21 ---> 22 .video.io.videofileclip import videofileclip 23 .video.io.imagesequenceclip import imagesequenceclip 24 .video.io.downloader import download_webfile c:\program files\anaconda3\lib\site-packages\moviepy\video\io\videofileclip.py in <module>() 1 import os 2 ----> 3 moviepy.video.videoclip import videoclip ...
Read more