Broken Object Property Level Authorization


What it is:

  • is actually, in some ways, a merger of two older categories: Mass Assignment,

  • which is the ability to update object elements within an API endpoint, plus the Excessive Data Exposure category, which concerns disclosing unnecessarily sensitive data for the use case of that particular application


Example:

  • manipulating an object ID, for example the account type, and switching a free account to a premium one

  • This is an example of Mass Assignment, where you can actually modify and update object values. Another example: let's say you have an endpoint that does a simple user search or something like that; then there is no need to return more information, like account IDs, emails and other sensitive details, when the use case doesn't require it


Prevention:

  • Make sure your API endpoints return only the data legitimately required for that application and nothing more

  • Do not rely on filtering in the UI to do that work for you

  • Make sure your API returns only the data that the application's use case requires

  • Make sure that users can only access the info they need and cannot modify data that they should not have the opportunity or the ability to modify
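The two halves of this weakness, and the prevention bullets above, side by side in a toy user-profile API. This is an added example, not code from the original notes: the names (User, make_db, update_profile_*, search_users_*, WRITABLE_BY_OWNER, SEARCH_RESPONSE_FIELDS) and the in-memory "database" are hypothetical and constructed for illustration. The vulnerable update handler copies every key of the request body onto the object (Mass Assignment, so a body of {"account_type": "premium"} is the free-to-premium upgrade from the Example section); the fixed handler writes only an allowlist of owner-writable properties and rejects anything else. The vulnerable search handler serialises whole objects (Excessive Data Exposure); the fixed one returns only the fields the search use case needs, filtered on the server rather than in the UI.

```python
from dataclasses import dataclass, asdict
from typing import Any


@dataclass
class User:
    id: int
    username: str
    email: str
    account_type: str = "free"   # "free" or "premium"; not owner-writable
    is_admin: bool = False       # never owner-writable, never exposed in search


def make_db() -> dict[int, User]:
    """Constructed in-memory 'database' for the example (hypothetical data)."""
    return {
        1: User(1, "alice", "alice@example.com"),
        2: User(2, "bob", "bob@example.com", account_type="premium"),
    }


# Properties a user may write on their own profile (allowlist). Everything
# else (account_type, is_admin, id) is owned by other parts of the system.
WRITABLE_BY_OWNER = frozenset({"username", "email"})

# Fields the user-search use case actually needs to return (allowlist).
SEARCH_RESPONSE_FIELDS = ("id", "username")


def update_profile_vulnerable(db: dict[int, User], user_id: int,
                              body: dict[str, Any]) -> User:
    """Mass assignment: every key in the request body is copied onto the
    object, so {"account_type": "premium"} upgrades the caller for free."""
    user = db[user_id]
    for key, value in body.items():
        setattr(user, key, value)
    return user


def update_profile_fixed(db: dict[int, User], user_id: int,
                         body: dict[str, Any]) -> User:
    """Property-level authorization: only allow-listed properties are written.
    Unknown or protected keys are rejected up front, so nothing is applied
    partially and the attempt is visible to the caller (and to logging)."""
    user = db[user_id]
    forbidden = set(body) - WRITABLE_BY_OWNER
    if forbidden:
        raise PermissionError(f"properties not writable by owner: {sorted(forbidden)}")
    for key, value in body.items():
        setattr(user, key, value)
    return user


def search_users_vulnerable(db: dict[int, User], query: str) -> list[dict[str, Any]]:
    """Excessive data exposure: the whole object is serialised, so a simple
    username search leaks emails, account type and the admin flag."""
    return [asdict(u) for u in db.values() if query in u.username]


def search_users_fixed(db: dict[int, User], query: str) -> list[dict[str, Any]]:
    """Only the fields the search use case needs leave the API; the filtering
    happens server-side instead of being left to the UI."""
    return [
        {f: getattr(u, f) for f in SEARCH_RESPONSE_FIELDS}
        for u in db.values()
        if query in u.username
    ]


if __name__ == "__main__":
    db = make_db()
    print(update_profile_vulnerable(db, 1, {"account_type": "premium"}))
    db = make_db()
    try:
        update_profile_fixed(db, 1, {"email": "new@example.com", "account_type": "premium"})
    except PermissionError as e:
        print("rejected:", e)
    print(search_users_vulnerable(db, "ali"))
    print(search_users_fixed(db, "ali"))
```

The design point is that both fixes are allowlists, not denylists: the writable-property set and the response-field tuple name what is permitted, so a new sensitive property added to User later is protected and hidden by default rather than exposed until someone remembers to block it.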
