Access to database rows


#1

I have created a database through DreamFactory and I have created a simple UI that allows users to add rows to the database. Through my UI I would like to then be able to show entries the user has added. I know how to do all of this but my concern is, how do I prevent user A from viewing user B’s data? The query from the UI to filter the database results will include the logged in user ID, but anyone could easily see that raw request, change the user ID and be able to view another user ID. Is there some way on the server to restrict the rows in the database a user has access to?

Thank you


#2

This is easily accomplished with server-side scripting. Here is a thread that covered this topic thoroughly:

And here is another thread with some more details:

And here are some references from our documentation that give you a technical basis for the details:


Returning the logged in user's name with a custom script