If upon signup I set a field in the users table “is_active = no”, can that action be tampered with so that someone changes the field to “is_active = yes”?
Explaining myself a little bit more.
I have a field in my users table that the admin manages, and that field is used as a primary privacy rule measure.
During signup I set that field’s value, but I do not know if someone could edit the workflow code from the front-end and send a different request to the server changing that field’s value.
Do you know if these actions can be tampered with?
Thanks!