About: Insecure direct object reference

An Entity of Type: Thing, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

Insecure direct object reference (IDOR) is a type of access control vulnerability in digital security. This can occur when a web application or application programming interface uses an identifier for direct access to an object in an internal database but does not check for access control or authentication. For example, if the request URL sent to a web site directly uses an easily enumerated unique identifier (such as http://foo.com/doc/1234), that can provide an exploit for unintended access to all records. A directory traversal attack is considered a special case of a IDOR.

Property	Value
dbo:abstract	Insecure direct object reference (IDOR) is a type of access control vulnerability in digital security. This can occur when a web application or application programming interface uses an identifier for direct access to an object in an internal database but does not check for access control or authentication. For example, if the request URL sent to a web site directly uses an easily enumerated unique identifier (such as http://foo.com/doc/1234), that can provide an exploit for unintended access to all records. A directory traversal attack is considered a special case of a IDOR. The vulnerability is of such significant concern that for many years it was listed as one of the Open Web Application Security Project’s (OWASP) Top 10 vulnerabilities. (en)
dbo:wikiPageID	66362975 (xsd:integer)
dbo:wikiPageLength	3987 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1113874738 (xsd:integer)
dbo:wikiPageWikiLink	dbr:United_States_Department_of_Defense dbr:Vulnerability dbc:Hacking_(computer_security) dbr:Application_programming_interface dbr:URL dbr:Web_application dbr:Access_control dbr:Database dbr:Parler dbr:Directory_traversal_attack dbc:Web_security_exploits dbr:Social_networking dbr:Open_Web_Application_Security_Project dbr:Authentication_in_web
dbp:wikiPageUsesTemplate	dbt:Reflist dbt:Short_description dbt:Computer-security-stub
dcterms:subject	dbc:Hacking_(computer_security) dbc:Web_security_exploits
rdfs:comment	Insecure direct object reference (IDOR) is a type of access control vulnerability in digital security. This can occur when a web application or application programming interface uses an identifier for direct access to an object in an internal database but does not check for access control or authentication. For example, if the request URL sent to a web site directly uses an easily enumerated unique identifier (such as http://foo.com/doc/1234), that can provide an exploit for unintended access to all records. A directory traversal attack is considered a special case of a IDOR. (en)
rdfs:label	Insecure direct object reference (en)
owl:sameAs	wikidata:Insecure direct object reference dbpedia-lmo:Insecure direct object reference https://global.dbpedia.org/id/FdVyN
prov:wasDerivedFrom	wikipedia-en:Insecure_direct_object_reference?oldid=1113874738&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:Insecure_direct_object_reference
is dbo:wikiPageRedirects of	dbr:IDOR
is dbo:wikiPageWikiLink of	dbr:Directory_traversal_attack dbr:IDOR
is foaf:primaryTopic of	wikipedia-en:Insecure_direct_object_reference