How do you do security when using Autoform?

I’ve recently built an app that has a ton of forms. In order to speed up development time, I used Autoform (a wonderful package). However, because Autoform does operations client side, I can’t just set my allow rules to false like I would if I was doing everything with methods. This results in me having to set a TON of security rules in allow/deny callbacks. Furthermore, it is likely that I will miss certain things and there will be security holes all throughout my app (lots of collections with lots of sensitive data so I can’t afford any holes).

I’m thinking that I may need to switch all of my forms over to autoform method forms and create a method to handle each so that I can just avoid the allow/deny circus. I’m pretty late to the autoform party (just started using it a month or so ago) so I haven’t yet discovered the best way of securing an app while using autoform. I’d appreciate any suggestions from those who have experience in this area!

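Added example, not part of the original post and not AutoForm's own code: one way to do the method-based approach the post describes, with all client writes denied and a single server method that accepts only `$set` on whitelisted fields of a document the caller owns. The names `Invoices`, `updateInvoice`, `ownerId` and `EDITABLE_FIELDS`, and the `{ _id, modifier }` argument shape, are assumptions; check the argument shape against the AutoForm version in use.

```javascript
// Hypothetical names throughout: Invoices, updateInvoice, ownerId, EDITABLE_FIELDS.
const EDITABLE_FIELDS = ['title', 'amount', 'notes']; // fields the form may change

// Pure authorization check, kept separate so it can be unit-tested outside Meteor.
// Returns a sanitized { $set } modifier or throws.
function authorizeUpdate(userId, doc, modifier) {
  if (!userId) throw new Error('not-logged-in');
  if (!doc || doc.ownerId !== userId) throw new Error('not-authorized');

  // Accept exactly one operator, $set. $unset, $inc, $rename etc. are rejected.
  const ops = Object.keys(modifier || {});
  if (ops.length !== 1 || ops[0] !== '$set') throw new Error('bad-modifier');

  const set = modifier.$set;
  if (set === null || typeof set !== 'object') throw new Error('bad-modifier');

  const clean = {};
  for (const key of Object.keys(set)) {
    // Whitelist by exact key: blocks ownerId, roles, and dotted paths alike.
    if (!EDITABLE_FIELDS.includes(key)) {
      throw new Error('field-not-allowed: ' + key);
    }
    clean[key] = set[key];
  }
  return { $set: clean };
}

// Server wiring. Skipped when run outside Meteor (e.g. plain Node for tests).
// Assumes the mongo and check packages expose Mongo and check as globals.
if (typeof Meteor !== 'undefined' && Meteor.isServer) {
  const Invoices = new Mongo.Collection('invoices');

  // Deny every direct client write, so the method is the only write path.
  Invoices.deny({ insert: () => true, update: () => true, remove: () => true });

  Meteor.methods({
    // Argument shape is an assumption; it differs between AutoForm versions.
    updateInvoice({ _id, modifier }) {
      check(_id, String);
      check(modifier, Object);
      const doc = Invoices.findOne(_id);
      return Invoices.update(_id, authorizeUpdate(this.userId, doc, modifier));
    },
  });
}
```

The whitelist only controls which fields may change; value types and ranges still need schema validation on the server.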