I'm currently developing a CRUD application where users have an item
page where they can create, read, update and delete their own items
which are then stored in a database. Now, if a user accesses an item
that they created as follows:
http://127.0.0.1/index.cfm/user/editItem/id/344
How would I ensure only the user who owns that item can access that
url? Orginally I was looking at the security interceptor but there is
virtual no examples of using querystrings so I'm thinking that isn't
what the interceptor is for? What is the correct method for securing
urls in this situation?
Regards,
Justin