I'm testing my site for security holes. I've noticed if a regular user tries to access and admin subsite page directly by typing in the url such as www.baseurl/admin/whateverModel they can access the page! I thought this was avoided in the admin site controller with the before_filter... what's going on here?
Sure the pertinent information I don't want shared is protected by the model permissions, but regular users shouldn't be able to view these pages!! So what's wrong here? How do i fix? -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
