1 parent 4854fa4 commit 4227d614304f7ec57cf0c6c0efae65eae1d15e08 @jcasimir jcasimir committed Apr 8, 2013
Showing with 1 addition and 1 deletion.
  1. +1 −1 source/topics/fundamental_security.markdown
@@ -159,7 +159,7 @@ Based on the second controller snippet, a not-found `order` will result in a saf
### Things to Remember
-* Be vary suspicious of any class method in a controller.
+* Be very suspicious of any class method in a controller.
* Nefarious users can access any public action and pass in any combination of parameters they want. Just because there's no link or form doesn't mean an action can't be exploited.
* Scope all queries off of a domain object, like the current user.
* Be careful with your order of operations -- don't change any data until you've successfully found the specified record.
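Review bot: The corrected bullet ("Be very suspicious of any class method in a controller") still gives the warning without the reason, and the remedy ("Scope all queries off of a domain object, like the current user") sits two bullets below it. While touching this line, consider moving the scoping bullet directly under it, or folding the two together, so the reader sees what to be suspicious of and what to do instead in one place. The spelling fix itself is correct.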
