Posting on behalf of the author, and as someone who worked on these checks at incident.io!
Making sure we correctly scoped our API endpoints and database queries has been a bit of a tricky one, but the strategies we detail in the article (enforcing where clauses at the database level, checking API responses) have made us a lot more confident.
Would be interested if other people have encountered similar problems? Very few of our team have experience working on large-scale Go web-apps, so don't know what the standard solutions are.