🎩Insecure Direct Object Reference (IDOR)

When our server side does not verify the permission or role required to access data, one user can access another user's data.


How to Protect

  1. Verify authorization on the back-end (BE) side
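
The back-end check above, shown as an added example that is not part of the original page: a lookup that trusts the requested id next to one that authorizes against the session user. The invoice store, the `User` class and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: invoice id -> record with its owner.
INVOICES = {
    101: {"owner": "alice", "total": 120},
    102: {"owner": "bob", "total": 75},
}

@dataclass(frozen=True)
class User:
    name: str
    role: str  # "user" or "admin"

class Forbidden(Exception):
    """Would map to HTTP 403 in a real handler."""

class NotFound(Exception):
    """Would map to HTTP 404 in a real handler."""

def get_invoice_vulnerable(user: User, invoice_id: int) -> dict:
    # IDOR: the caller is authenticated, but the record is returned for
    # whatever id the client sent; ownership and role are never checked.
    return INVOICES[invoice_id]

def get_invoice_checked(user: User, invoice_id: int) -> dict:
    record = INVOICES.get(invoice_id)
    if record is None:
        raise NotFound(invoice_id)
    # Authorization is decided on the server from the session identity,
    # never from a value supplied in the request.
    if record["owner"] != user.name and user.role != "admin":
        raise Forbidden(invoice_id)
    return record

def can_read(user: User, invoice_id: int) -> bool:
    # Helper that turns the checked lookup into an allow/deny decision.
    try:
        get_invoice_checked(user, invoice_id)
        return True
    except (Forbidden, NotFound):
        return False

if __name__ == "__main__":
    alice = User("alice", "user")
    print(get_invoice_vulnerable(alice, 102))  # another user's record
    print(can_read(alice, 101), can_read(alice, 102))
```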
