
When implementing a delete form in HTML with POST, Rails, etc., I think it will be implemented with the DELETE method.
But, for example, when deleting a user and implementing action="/delete/:user_id", if the user_id part is rewritten with a developer tool, the rewritten user will be deleted, right?
How can I avoid this?

Addition:
For example, if you have a list of users and click the "Delete" button, a JS confirmation dialog will appear. If I click OK, I want to execute the deletion process.

User name Edit Delete
A-san Edit Delete
B-san Edit Delete
C-san Edit Delete
  • Answer # 1

      

    If you rewrite it, the rewritten user will be deleted?

    Yes.

      

    How can I avoid this?

    If you have the right to delete, regulating it doesn't make much sense, as it is what you can do. If you don't want a specific person to delete a specific issue, you need to build such logic on the server side.

  • Answer # 2

      

    If you rewrite it, the rewritten user will be deleted?

    This is possible if you simply delete the specified ID.

      

    How can I avoid this?

    Check with registered email and enter password. Isn't it possible to delete only the account related to login?

    It's a little unclear, but I can't give an accurate answer.


      

    Addition:
      For example, if you have a list of users and click the "Delete" button, a js confirmation dialog will appear, and if you press OK, you want to execute the deletion process.

    You should stop it.

    If it is absolutely necessary, pressing the delete button will bring up the password input screen and if it matches, it will be a procedure called "delete".
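
The server-side logic from Answer # 1 and the password confirmation from Answer # 2, combined in one sketch. This is an added example, not code from the original thread: it is plain Ruby with an in-memory hash standing in for the users table, and the names User, delete_user and sample_users are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Constructed in-memory stand-in for a users table (hypothetical names).
User = Struct.new(:id, :name, :admin, :salt, :pw_hash)

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
end

def make_user(id, name, password, admin: false)
  salt = SecureRandom.random_bytes(16)
  User.new(id, name, admin, salt, hash_password(password, salt))
end

# Constant-time comparison of two digests.
def same_digest?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# session_user_id comes from the server-side session, never from the form.
# target_id is the :user_id taken from the URL and is untrusted input.
def delete_user(users, session_user_id, target_id, password)
  actor = users[session_user_id]
  return :unauthenticated unless actor
  id = Integer(target_id, exception: false)
  # Authorization: admins may delete anyone, others only their own account.
  return :forbidden unless actor.admin || actor.id == id
  target = users[id]
  return :not_found unless target
  # Re-authentication: the actor confirms with their own password.
  digest = hash_password(password.to_s, actor.salt)
  return :bad_password unless same_digest?(digest, actor.pw_hash)
  users.delete(target.id)
  :deleted
end

# Constructed sample data matching the A-san / B-san / C-san list above.
def sample_users
  [make_user(1, "A-san", "pw-a", admin: true),
   make_user(2, "B-san", "pw-b"),
   make_user(3, "C-san", "pw-c")].to_h { |u| [u.id, u] }
end
```

Rewriting the id in the form only changes target_id; the decision is made from the session user, so B-san asking to delete id 3 gets :forbidden and the record stays.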