apologies if this has been answered before.
it seems that the scaffolding that generates the list, edit, details apsx pages uses querystrings to pass the primary key for the relevant record. thus is i have a list.aspx showing me a grid of records, the edit hyperlink will be something like http://../tblTable/edit.aspx?ID=n where n is the key of the record to edit.
however, obviously this is not secure for a multi-user site as someone else with a valid login could potentially see records which they shouldnt simply by trying different "ID=n" values?
is there a way to change this behaviour in a Dynamic Data site or will i have to manually code to ensure a user only see records intended for them?
any help is gratefully appreciated
View Complete Post