Thank you for publishing your code. Very nice to read through it. Can you tell me, is it possible to 'like' or unlike someone else's article, by guessing the id?
No. It's not possible to guess someone else's article (I guess you probably mean reading records here). Those reading records must be get or set with a cookie that indicate the user has logged in with the right account (which is done by ajax in the code).
It looks to me that the url that calls queries_read_records.like_article() only requires a logged in user and a record id in order to set a read record as liked? Are you saying that is not possible to guess the id because it's not a sequential number by default in mongodb?
sorpaas|11 years ago
No. It's not possible to guess someone else's article (I guess you probably mean reading records here). Those reading records must be get or set with a cookie that indicate the user has logged in with the right account (which is done by ajax in the code).
kerridge0|11 years ago
puppetmaster3|11 years ago