|
|
|
|
|
|
by __s
1471 days ago
|
|
|
If the id appears in a url, you may not want people to guess ids. The information leak exists even if you do authentication: maybe you don't want someone to be able to guess how many records there are, or how quickly records are being generated |
|
|