by gmhafiz
1096 days ago
Expanding on temporal information leak:

1. Size: If a client receives a record with id=10004578, they can guess that 4578 orders have been made.
2. Rate of growth: Receiving two different orders means they can track the growth rate of record insertion.

And also Iteration attack: If your API endpoints do not have authorization, an attacker can try to access with GET /api/users/1, GET /api/users/2, GET /api/users/3, etc. UUID makes this next to impossible.
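A detection-side view of the iteration pattern described in the comment above, as an added example that is not part of the original comment: it flags clients that walk consecutive integer ids on one resource. The log format, the sample lines and the `min_run` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (client, method, path, status); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 GET /api/users/1 200
203.0.113.7 GET /api/users/2 200
203.0.113.7 GET /api/users/3 200
203.0.113.7 GET /api/users/4 404
203.0.113.7 GET /api/users/5 200
198.51.100.9 GET /api/users/42 200
198.51.100.9 GET /api/users/42 200
198.51.100.9 GET /api/orders/10004578 200
192.0.2.15 GET /api/users/9f1c2e4a-7b3d-4c58-a1e0-5d2f8b6c7a90 200
"""

# Assumed log layout: "<client> GET /api/<resource>/<integer id> <status>".
LINE_RE = re.compile(r"^(\S+) GET (/api/\w+)/(\d+) \d{3}$")


def longest_run(ids):
    """Length of the longest run of consecutive integers among ids."""
    ordered = sorted(set(ids))
    best = run = 1 if ordered else 0
    for prev, cur in zip(ordered, ordered[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_enumeration(log_text, min_run=4):
    """Return {(client, resource): run_length} for clients walking integer ids."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # UUID paths do not match the integer-id pattern and are skipped
            client, resource, rid = m.groups()
            seen[(client, resource)].append(int(rid))
    runs = {key: longest_run(ids) for key, ids in seen.items()}
    return {key: n for key, n in runs.items() if n >= min_run}


if __name__ == "__main__":
    for (client, resource), n in find_enumeration(SAMPLE_LOG).items():
        print(f"{client} requested {n} consecutive ids under {resource}")
```

The 404 in the run still counts: a client probing ids that do not exist is part of the same walk.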