I am working on a RESTful API and am unable to find a solution to my problem.
I have a GET request to get a resource by ID, and I have implemented basic authentication.
Now if somebody changes the ID in the GET request, he can access the resources of other users as well.
How can I restrict a user to see his resources only? Do I have to create some security filter for every type of resource?
Any link to best practices to prevent this kind of issue will be appreciated!
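The situation described above is authentication without an object-level authorization check. The following is an added example, not code from the post: a framework-neutral Python sketch in which one ownership-scoped lookup serves every resource type, shown beside the unchecked version. The user table, store layout and function names are assumptions made for the illustration.

```python
import base64
import hmac

# Constructed sample data: credentials and resources, each row carrying its owner.
USERS = {"alice": "a-pass", "bob": "b-pass"}
STORE = {
    "orders":   {1: {"owner": "alice", "item": "book"}, 2: {"owner": "bob", "item": "lamp"}},
    "invoices": {7: {"owner": "bob", "total": 40}},
}


def authenticate(authorization_header):
    """Return the username from an HTTP Basic header, or None if invalid."""
    try:
        scheme, token = authorization_header.split(" ", 1)
        user, _, password = base64.b64decode(token).decode().partition(":")
    except (AttributeError, ValueError):
        return None
    expected = USERS.get(user)
    if scheme.lower() != "basic" or expected is None:
        return None
    return user if hmac.compare_digest(password.encode(), expected.encode()) else None


def get_unchecked(kind, resource_id, authorization_header):
    """The behaviour described in the question: authenticated, but not authorized."""
    if authenticate(authorization_header) is None:
        return 401, None
    row = STORE[kind].get(resource_id)
    return (200, row) if row else (404, None)


def get_owned(kind, resource_id, authorization_header):
    """One shared lookup for every resource type: the owner is part of the query."""
    user = authenticate(authorization_header)
    if user is None:
        return 401, None
    row = STORE.get(kind, {}).get(resource_id)
    # Same 404 for "missing" and "not yours", so IDs of other users are not confirmed.
    if row is None or row["owner"] != user:
        return 404, None
    return 200, row


def basic(user, password):
    """Build a Basic header for the demo calls."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Because the owner comes from the authenticated identity and never from the request, routing every resource type through the same lookup removes the need for a separate filter per type.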