Hacker News
by tptacek 3261 days ago
By making the owner's userid implicit, you're foreclosing on the possibility of authorization bugs where an endpoint fails to verify that the current user is authorized to see orders from user 654321.
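An added illustration of the design point in the comment above (not code from the thread): the same order lookup written with an explicit user id in the request and with the owner taken from the session. The `Session` type, handler names, route shapes and order data are all constructed for this example.

```python
from dataclasses import dataclass
from typing import List

# Constructed sample data: orders keyed by the owning user's id.
ORDERS = {
    123456: ["order-1001", "order-1002"],
    654321: ["order-2001"],
}


@dataclass(frozen=True)
class Session:
    """Authenticated session; user_id is set by the login layer, never by the request."""
    user_id: int


class Forbidden(Exception):
    """Raised when the caller is not allowed to read the requested resource."""


def orders_explicit_unchecked(session: Session, user_id: int) -> List[str]:
    """Hypothetical GET /users/<user_id>/orders with the ownership check forgotten.

    The handler trusts the id in the request, so any authenticated caller
    can read any user's orders.
    """
    return ORDERS.get(user_id, [])


def orders_explicit_checked(session: Session, user_id: int) -> List[str]:
    """Same route shape; safe only because this handler remembers the check."""
    if user_id != session.user_id:
        raise Forbidden("caller does not own these orders")
    return ORDERS.get(user_id, [])


def orders_implicit(session: Session) -> List[str]:
    """Hypothetical GET /orders: the owner comes from the session.

    The request carries no parameter that could name another user, so there
    is no per-endpoint ownership check to forget.
    """
    return ORDERS.get(session.user_id, [])
```

With the explicit form, every endpoint that accepts a user id needs its own ownership check and a test for it; with the implicit form, the only way to reach another user's orders is to hold that user's session.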