aide's Issues
no way to surf to /caregivers from homepage
too easy to hack query param to lookup db fields
You have made it possible to look up alternative fields on the caregiver model and any associated models (e.g. the associated user):
- https://aide-initiative.herokuapp.com/caregivers?utf8=%E2%9C%93&q%5Bfile_cont%5D=69cb564b-2bc1-425c-99bd-1b14c44112fb&commit=Search
  - All caregivers with "69cb564b-2bc1-425c-99bd-1b14c44112fb" in their file name.
- https://aide-initiative.herokuapp.com/caregivers?utf8=%E2%9C%93&q%5Buser_first_name_start%5D=n&commit=Search
  - All caregivers with a user.first_name that starts with "n" (!!!)
This is a HUGE security hole.
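Added example (not code from the aide project or from the issue author). The `q[file_cont]` / `q[user_first_name_start]` parameter shape above is Ransack's, which the issue does not name explicitly; the fix for this class of hole is Ransack's `ransackable_attributes` / `ransackable_associations` allow-list hooks on each model, shown here beside the wide-open configuration that reproduces the issue. `Caregiver`, `User`, the `file` column and `user.first_name` come from the issue; every other column name, the `belongs_to :user` link and the `resolve` helper (a plain-Ruby stand-in for Ransack's own key lookup, so the example runs without Rails or Ransack installed) are assumptions.

```ruby
# Added example, not the aide project's own code. Shows the Ransack allow-list
# hooks that close the "search any column of any association" hole, beside the
# wide-open configuration that reproduces it. Caregiver, User, the `file`
# column and user.first_name come from the issue; all other column names and
# the belongs_to :user link are assumptions. `resolve` is a plain-Ruby stand-in
# for Ransack's own lookup so this runs without Rails or Ransack installed.

# Ransack predicate suffixes: the two from the issue plus common ones.
# (Ransack's real parser also handles _or_/_and_ combinators and the `s` sort
# key; both are omitted here.)
PREDICATES = %w[cont not_cont start end eq not_eq in null present blank].freeze

# Turn "user_first_name_start" into ["user", "first_name", "start"], walking
# ransackable_associations / ransackable_attributes the way Ransack 4.x does.
# nil means the key is not permitted and is dropped.
def resolve(model, key)
  pred = PREDICATES.select { |p| key.end_with?("_#{p}") }.max_by(&:length)
  return nil unless pred
  base = key.delete_suffix("_#{pred}")

  return [nil, base, pred] if model.ransackable_attributes.include?(base)

  model.ransackable_associations.each do |assoc|
    next unless base.start_with?("#{assoc}_")
    child  = model::ASSOCIATIONS.fetch(assoc)
    nested = resolve(child, "#{base.delete_prefix("#{assoc}_")}_#{pred}")
    return [assoc, nested[1], nested[2]] if nested
  end
  nil
end

# Keep only the q[...] conditions the model permits (what Ransack will query).
def permitted_conditions(model, q)
  q.select { |key, _value| resolve(model, key) }
end

# BEFORE: everything searchable. Ransack < 4 behaved this way whenever the
# hooks were not defined, which is the assumed cause of the issue.
module Leaky
  class User
    ASSOCIATIONS = {}.freeze
    def self.ransackable_attributes(_auth = nil); %w[first_name last_name email]; end
    def self.ransackable_associations(_auth = nil); []; end
  end

  class Caregiver
    ASSOCIATIONS = { 'user' => User }.freeze
    def self.ransackable_attributes(_auth = nil); %w[file last_name city]; end
    def self.ransackable_associations(_auth = nil); %w[user]; end
  end
end

# AFTER: explicit allow-lists. In the real app these class methods go on the
# ActiveRecord models; Ransack calls them with the optional auth_object.
class User
  ASSOCIATIONS = {}.freeze
  def self.ransackable_attributes(_auth = nil); []; end   # nothing on users
  def self.ransackable_associations(_auth = nil); []; end
end

class Caregiver
  ASSOCIATIONS = { 'user' => User }.freeze
  def self.ransackable_attributes(_auth = nil); %w[last_name city]; end  # no `file`
  def self.ransackable_associations(_auth = nil); []; end                # no user.*
end

if __FILE__ == $PROGRAM_NAME
  q = { 'file_cont' => '69cb564b-2bc1-425c-99bd-1b14c44112fb',
        'user_first_name_start' => 'n', 'last_name_cont' => 'n' }
  p permitted_conditions(Leaky::Caregiver, q).keys  # all three pass
  p permitted_conditions(Caregiver, q).keys         # ["last_name_cont"]
end
```

Keep the public allow-list to the columns the search form is meant to expose. If an admin screen legitimately needs more, Ransack passes the `auth_object` you give it (`Caregiver.ransack(params[:q], auth_object: current_user)`) into these hooks, so the wider list can be returned only for a privileged user instead of to anyone who edits the query string.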
unprotected endpoints
The following endpoints are missing authorization logic:
- caregivers#update
- caregivers#send_email
- users#update
- patients#update
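Added example (not code from the aide project or from the issue author) of the per-action authorization check these four endpoints are missing, written as a small Pundit-style policy in plain Ruby so it runs without Rails. The endpoint names come from the issue; the ownership model (a caregiver record belongs to the user who created it, a patient belongs to a caregiver, an "admin" role exists), the `current_user` helper and every class and method name below are assumptions about how aide models its data.

```ruby
# Added example, not the aide project's own code: the per-action authorization
# check caregivers#update, caregivers#send_email, users#update and
# patients#update lack, as a Pundit-style policy in plain Ruby. The ownership
# model (caregiver belongs_to the user who created it, patient belongs_to a
# caregiver, an "admin" role) and all names here are assumptions.

NotAuthorized = Class.new(StandardError)

# Stand-ins for the ActiveRecord models (constructed for this example).
User      = Struct.new(:id, :role)
Caregiver = Struct.new(:id, :user_id)      # assumed: belongs_to :user
Patient   = Struct.new(:id, :caregiver)    # assumed: belongs_to :caregiver

class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    # Authentication is a separate question from authorization: with no
    # signed-in user there is nothing to authorize, so refuse outright.
    raise NotAuthorized, 'login required' if user.nil?
    @user   = user
    @record = record
  end

  def admin?
    user.role == 'admin'
  end
end

class CaregiverPolicy < ApplicationPolicy
  def owner?
    record.user_id == user.id
  end

  def update?;     admin? || owner?; end   # caregivers#update
  def send_email?; admin? || owner?; end   # caregivers#send_email
end

class UserPolicy < ApplicationPolicy
  def update?   # users#update: only your own account, or an admin
    admin? || record.id == user.id
  end
end

class PatientPolicy < ApplicationPolicy
  def update?   # patients#update: the patient's caregiver's user, or an admin
    return true if admin?
    !record.caregiver.nil? && record.caregiver.user_id == user.id
  end
end

POLICIES = { User => UserPolicy, Caregiver => CaregiverPolicy,
             Patient => PatientPolicy }.freeze

# The check each controller action must run before touching the record.
# In Rails this sits in a before_action on the affected actions, e.g.
#   before_action(only: %i[update send_email]) do
#     authorize!(current_user, @caregiver, action_name.to_sym)
#   end
# with `rescue_from NotAuthorized` rendering a 403 instead of a 500.
def authorize!(current_user, record, action)
  policy = POLICIES.fetch(record.class).new(current_user, record)
  unless policy.public_send("#{action}?")
    raise NotAuthorized, "#{action} on #{record.class} not permitted"
  end
  true
end

# Non-raising form, handy for view helpers and for tests.
def authorized?(current_user, record, action)
  authorize!(current_user, record, action)
rescue NotAuthorized
  false
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(1, 'caregiver')
  bob   = User.new(2, 'caregiver')
  cg    = Caregiver.new(10, alice.id)
  p authorized?(alice, cg, :update)   # true  (owner)
  p authorized?(bob,   cg, :update)   # false (someone else's record)
  p authorized?(nil,   cg, :update)   # false (not signed in)
end
```

The important property is that the check keys off the record being edited, not only off whether someone is logged in: a signed-in user who guesses another caregiver's id in the URL must still get a 403 on `update` and `send_email`. Put the policy call next to the record lookup so no action can reach the model without passing through it.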
Project observations and improvements
Hi all,
In addition to the comments made in the pull request for code-review I wanted to make some general observations:
Overall I felt that the project went well. The group seemed to work well and accomplish the majority of the goals that were set out for y'all. I found the workflow to be efficient and effective and that really showed during the presentation.
A few notes:
- Certainly work on the indentation of the template pages. There are instances where it becomes difficult to read because of inconsistent indentation.
- Take a look at the many places where there are double quotes in place of single quotes. If you are not using string interpolation, go with single quotes, as that is the 'Rails Way'.
- Take care to look at the previous three issues that Nathan has pointed out for security issues. These are extremely important, especially given the sensitive nature of the patients for this project.