Hello, How do I avoid that users can change the user_id in the hidden-fields from firebug. I was surprised that I can log in with a user and create a record on the behalf of another user by changing the user_id value with firebug.
User model: has_many :arts, :dependent => :destroy Art model: belongs_to :user, :creator => true Best regards. Asbjørn Morell -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
