Security, appropriate use cases?

[sensiblearts]

Greetings,
Is this considered secure enough to let a random customer have a editor access? Or is the use case more of internal employee?

I have not yet looked at the code; is it protected from SQL injection or other attacks?

Thanks,
David

[jamonholmgren]

Hey @sensiblearts, I appreciate your patience! I didn't see this until now.

The use case that we've used it for is internal employee. However, in theory it should be secure enough for a random customer to have access.

In any event, you are able to verify what they're posting before we write it to the server.

thesis-phoenix/lib/thesis/api_controller.ex

Line 8 in bbf88df

plug :ensure_authorized! when not action in [:show_file]

Check that out. It's pretty simple code.