How to prevent horizontal ultra vires in addition, deletion, modification and inquiry?

horizontal ultra vires operation and vertical ultra vires operation. The former refers to an attacker"s attempt to access the resources of a user with the same permissions as him, while the latter refers to a low-level attacker"s attempt to access the resources of a high-level user.
https://bbs.csdn.net/topics/3.

for example, a id
comes from the front end to add, delete, modify and check
how to prevent effective users from manipulating resources that are not their own.

where should I put this code in laravel

Mar.30,2021

Authorization learn


this is an issue that I understand involves data permissions.

  1. you can set valid users to have permission to operate on data within certain ranges.
  2. the database table adds fields to record who the data belongs to.
The

code application layer performs relevant checks during data processing. I understand that not all data need to be checked accordingly, which can be verified by permissions, which prevent users from illegal operations through operation permissions and data permissions.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e59f04-45584.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e59f04-45584.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?