This came out of a discussion about some authorization checks performed in the API handlers.
Alec:
The way the authorization framework tackled this was to tie together the fetching of an object (typically from the DB) with its validation. The risk of introducing security flaws typically happens when an object is fetched but never validated.
I think at some point we're going to need to move our current policy framework over into something standard -- like https://laravel.com/docs/5.7/authorization -- and that may help solve the problem here as well. But that'll certainly overload this task. Mind filing it for later?
Label: Housekeeping:1:Todo (Any dependency management or refactor that would be nice to have some day.)
This discussion was converted from issue #4238 on May 31, 2022 10:48.
Full conversation: #3931 (comment)
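The pattern described in the quote, tying the fetch of an object to its validation so a handler cannot hold an unvalidated object, sketched as an added example that is not part of the original discussion or the project's code. `ReportStore`, `fetchFor`, the policy closure and the sample rows are all hypothetical names and constructed data.

```php
<?php
declare(strict_types=1);

final class AccessDenied extends RuntimeException {}
final class NotFound extends RuntimeException {}

// Hypothetical stand-in for a DB-backed store; rows are constructed sample data.
final class ReportStore
{
    private array $rows = [
        1 => ['id' => 1, 'owner_id' => 10, 'title' => 'Q1 findings'],
        2 => ['id' => 2, 'owner_id' => 20, 'title' => 'Q2 findings'],
    ];

    // Private on purpose: API handlers have no way to obtain an unvalidated row.
    private function load(int $id): array
    {
        if (!isset($this->rows[$id])) {
            throw new NotFound("report $id");
        }
        return $this->rows[$id];
    }

    // The only public accessor: the fetch and the policy check happen in one call.
    public function fetchFor(array $user, int $id, callable $policy): array
    {
        $report = $this->load($id);
        if ($policy($user, $report) !== true) {
            throw new AccessDenied("user {$user['id']} may not access report $id");
        }
        return $report;
    }
}

// Hypothetical policy: only the owner may view a report.
$canView = fn(array $user, array $report): bool => $user['id'] === $report['owner_id'];

$store = new ReportStore();
$alice = ['id' => 10]; // constructed sample user

// Owner access: the report is returned only after the policy passed.
echo $store->fetchFor($alice, 1, $canView)['title'], PHP_EOL;

// Non-owner access: the handler never receives the object at all.
try {
    $store->fetchFor($alice, 2, $canView);
} catch (AccessDenied $e) {
    echo 'denied: ', $e->getMessage(), PHP_EOL;
}
```

If the existence of an object is itself sensitive, the handler should map `NotFound` and `AccessDenied` to the same response.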