DataStructures / System Design
What is parameter tampering?
Parameter tampering, also known as insecure direct object reference, occurs when attackers manipulate parameters exchanged between client and server to gain access unauthorized access to data.
Examples of parameter values frequently manipulate include:
- cookies.
- URL parameters.
- Drop-down list, Radio buttons and checkboxes.
- database primary fields are stored in hidden fields.
Mitigation strategies:
- Perform resource entitlement checks on every data access request.
- Do not rely on client-provided information for authorization, other than the sessionID. Map sesionIDs to primary keys and other fields as a server side operation.
- Implement tokenization, where the database primary keys are indirectly referenced.
Dogecoin! Earn free bitcoins up to $250 now by signing up.
Earn bitcoins upto $250 (free), invest in other Cryptocurrencies when you signup with blockfi. Use the referral link: Signup now and earn!
Using BlockFi, don't just buy crypto - start earning on it. Open an interest account with up to 8.6% APY, trade currencies, or borrow money without selling your assets.
Join CoinBase! We'll both receive $10 in free Bitcoin when they buy or sell their first $100 on Coinbase! Available in India also.
Use the referral Join coinbase!
Invest now!!! Get Free equity stock (US, UK only)!
Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.
The Robinhood app makes it easy to trade stocks, crypto and more.
Webull! Receive free stock by signing up using the link: Webull signup.
More Related questions...
