1. How do we avoid threats when using display and edit methods?
Steps:
1. Evaluate each display method that returns data from another row, either in the same table or a different table.
2. Discuss internally whether this data poses an information-disclosure threat.
3. If the data poses a threat, perform explicit authorization checks (discussed in the next topic), and throw an exception if access is unauthorized.
4. Let the Best Practices tool know that you have mitigated a particular dangerous method. After adding the following comment above a display method, that best practice error is suppressed.
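The following is an added X++ example (not code from the original page) showing step 3: a display method on a table that returns an aggregate from a different table, guarded by an explicit authorization check that throws if the current user may not view that table. The table and field names (CustTable, CustTrans, AccountNum, AmountMST) and the method name are assumed for illustration; hasTableAccess and AccessType are X++ system facilities.

```xpp
// Added example: a display method on CustTable (assumed) that reads
// data from another table, CustTrans (assumed). Because the data comes
// from a different table, it is checked for disclosure risk first.
display AmountMST balanceFromCustTrans()
{
    CustTrans custTrans;

    // Step 3: explicit authorization check before returning data
    // from a different table. If the user cannot view CustTrans,
    // throw rather than disclosing the value through this display method.
    if (!hasTableAccess(tableNum(CustTrans), AccessType::View))
    {
        throw error("Access to customer transactions is not authorized.");
    }

    // Only reached when the caller is authorized to view CustTrans.
    select sum(AmountMST) from custTrans
        where custTrans.AccountNum == this.AccountNum;

    return custTrans.AmountMST;
}
```

The check runs on every evaluation of the display method, so a form that binds this method cannot show the amount to a user who lacks view access to the underlying table, which is the disclosure risk the steps above describe.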
2. Explain the authorization checks?