β˜€οΈ
Dev7Days
  • πŸ˜„Welcome
  • Local Setup
    • βš™οΈSetup Terminal
    • βš™οΈSetup IDE
    • βš™οΈSetup Neovim
  • Rust
    • πŸ¦€Cargo
  • Java
    • πŸƒSpring Boot
      • Spring Boot Annotaion
      • Spring Boot Learning
    • πŸƒJDK vs JRE vs JVM
    • πŸƒWhat is JDBC ?
    • πŸƒWhat is Data Source in Java ?
    • πŸƒCheck vs Unchecked Exception
    • πŸƒWhat is Servlet in Java ?
    • πŸƒFilter vs Interceptor
    • πŸƒMockito
    • πŸƒMaven CLI
    • πŸƒMaven Archetype
  • Go
    • πŸ”ΉGo Routine and Channel
    • πŸ”ΉGo CLI
  • Ruby and Rails
    • ♦️Ruby Syntax
    • ♦️Rails Framework
    • ♦️Rails Structure
  • Fundamental
    • πŸ“šGit Command
    • πŸ“šInterpreter vs Compiler
    • πŸ“šDTO vs DAO
    • πŸ“šHttp Status
    • πŸ“šWhat is Batch Process ?
    • πŸ“šHttps
    • πŸ“šLocal Storage vs Session Storage vs Cookies
    • πŸ“šAuthentication & Authorization
    • πŸ“šDatabase Index
    • πŸ“šWhat is GRPC ?
    • πŸ“šWhat is Microservice ?
  • Database
    • πŸ—ƒοΈWhat is Transaction ?
    • πŸ—ƒοΈACID
  • Postgres
    • 🐘SELECT
    • 🐘Column Alias
    • 🐘Order By
    • 🐘SELECT DISTINCT
  • Elastic Search
    • πŸ”What is Elastic Search ?
    • πŸ”Node and Cluster
  • Kubernetes
    • ☸️What is Kubernetes ?
    • ☸️Kubernetes Architecture
      • Node
      • ETCD
      • Kube API Server
      • Controller Manager
      • Kube Scheduler
      • Kubelet
      • Kube Proxy
  • ☸️Pod
  • ☸️ReplicaSet
  • ☸️Deployment
  • ☸️Service
  • ☸️Config Map
  • ☸️Namespaces
  • ☸️Kube Apply Command
  • ☸️Scheduling
    • Manual Scheduling
    • Labels and Selectors
    • Taints and Tolerations
    • Node Selector
    • Node Affinity
    • Resource Requirements and Limits
    • DaemonSets
    • Static Pods
    • MultipleSchedulers
  • ☸️Monitoring
  • AWS
    • πŸ”ΈHow can users access AWS ?
    • πŸ”ΈIAM
    • πŸ”ΈEC2
      • User Data
      • Instance Types
      • Security Group
      • Purchasing Options
      • Placement Groups
      • Elastic Network Interface (ENI)
      • EC2 Hibernate
      • EC2 Storage
    • πŸ”ΈELB & ASG
      • Health Checks
      • Target Group
      • ELB Types
      • Sticky Sessions
      • Cross Zone Load Balancing
      • Load Balancer - SSL and SNI
      • Deregistration Delay
      • ASG
    • πŸ”ΈRDS & Aurora DB
      • RDS
        • Storage Auto Scaling
        • Read Replica
        • Multi AZ
        • RDS Custom
        • Backup
        • RDS Proxy
      • AWS Aurora
        • Read Replica
        • Endpoint and Auto Scaling
        • Aurora Serverless
        • Global Database
        • Machine Learning
        • Backup
        • Database Cloning
      • RDS & Aurora Restore options
      • RDS & Aurora Security
    • πŸ”ΈElastic Cache
    • πŸ”ΈRoute 53
      • Records
      • Hosted Zones
      • Health Check
      • Routing Policies
  • Backend Security
    • 🎩SQL Injection
    • 🎩Cross site script (XSS)
    • 🎩Cross site request forgery (CSRF)
    • 🎩Man in the Middle (MITM)
    • 🎩Insecure Direct Object Reference (IDOR)
    • 🎩Distributed denial of service (DDOS)
  • Medium
    • πŸ‘¨β€πŸ’»Gamer to Coder
    • 🐳Docker
      • Docker #1
      • Docker #2
    • πŸ’ŠDI and IOC
    • ☸️Kubernetes
  • Book
    • πŸ“šSystem Design Interview - An Insider's Guide (Volume 1
Powered by GitBook
On this page
  1. Backend Security

Insecure Direct Object Reference (IDOR)

PreviousMan in the Middle (MITM)NextDistributed denial of service (DDOS)

Last updated 6 months ago

On our server side we did not verify the permission or role to access the data then it allow another user can access the data of the other.

How to Protect

  1. Verify authorization in BE side

🎩
Drawing