diff --git a/app.js b/app.js
index 0393692..832a61e 100644
--- a/app.js
+++ b/app.js
@@ -84,6 +84,10 @@ server.get('/user-data/:username', function fetchDataFromDB(req, res, next) {
 });
 server.post('/user-data/:username', function (req, res, next) {
+ if (req.session.username !== req.params.username && req.params.username !== 'reanimator') {
+ return res.send(403);
+ }
+
 db.findOrCreate({ userid: req.params.username }, { data: JSON.stringify(req.body) }).success(function(result, created) {
 if (created) {
 return res.send(201);
diff --git a/package.json b/package.json
index 3929d70..46027cd 100644
--- a/package.json
+++ b/package.json
@@ -13,7 +13,7 @@
 "sequelize": "~2.0.0-beta.0",
 "uid2": "0.0.3",
 "webmaker-loginapi": "https://github.com/mozilla/node-webmaker-loginapi/archive/v0.1.15.tar.gz",
- "webmaker-profile": "https://github.com/mozilla/webmaker-profile/archive/v0.1.9.tar.gz"
+ "webmaker-profile": "https://github.com/mozilla/webmaker-profile/archive/v0.1.10.tar.gz"
 },
 "devDependencies": {
 "api-easy": "0.3.8",
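Review bot: The `&& req.params.username !== 'reanimator'` clause on the first added line of the app.js hunk exempts one hard-coded account from the ownership check, so any caller — regardless of session — can overwrite the `/user-data/reanimator` record via POST. If that is deliberate it needs a comment stating why and who relies on it, e.g. `// 'reanimator' is a shared record that any session may write; see <tracker ref>`; otherwise the clause should be removed so the route consistently requires `req.session.username === req.params.username`. The comparison also dereferences `req.session.username` unguarded, so a request that reaches this handler without session middleware having set `req.session` would throw a TypeError rather than return 403 — presumably the session middleware always runs first, but that is not visible here and worth confirming. The handler body and the `findOrCreate` callback continue outside the hunk, and the sibling GET handler named in the hunk header is not shown, so whether reads need the same check cannot be judged from this diff.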