Avoiding exposing identifier details to your users

added by DotNetKicks
6/22/2020 4:15:37 PM

349 Views

A sadly common place "attack" on applications is called " Web Parameter Tampering ". This is the case where you have a URL such as this: https://secret.medical.info/?userid=823 And your users "hack" you using: https://secret.medical.info/?userid=999 And get access to another users records. As an aside, that might actually be considered to be hacking, legally speaking.


0 comments