Injection attacks? #131
Description
Could an attacker inject malicious code in place of the UID or consent payload?
Injecting a malicious UID in the cookie or URL parameter should be protected against by SQLAlchemy.
Currently, the consent payload is probably safe due to FastAPI and Pydantic. But if we need to make the schema more flexible, we need to be careful.