Description
This idea is to improve overall security using additional layer views. Issues that could potentially arise with current security:
- Public can approve their own data (layer views are not set to hide this)
- Public can modify any of the records and associated data
- Public can access individual user data, email, phone, name, etc.
Solutions:
Restrict access to private user data
User data, such as email, phone, etc, should be submit only via the public layer view. They should not be queryable, and should certainly not be editable. The default layer view for creating data should be modified to be submit-only. No updates allowed.
An additional layer view should be created for querying geometry and comments.
Restrict editing on existing data
Only fields that need to be editable should be allowed to edit. (Number of likes). There should be an additional layer view allowing updates only to this field.
Document security best practices
For lots of users, they won't realize that their data can be easily dropped into a web map and modified. Good security practices and instructions should be provided for users.