DEV Community

Discussion on: Web Developer Security Checklist V1

 
davetrux profile image
David Truxall

What if your attacker was authenticated to your site? With sequential id's they could possibly access data that was not theirs. Like viewing someone else's profile because they can guess the ID? Sequential IDs open up a host of authorization issues.

Thread Thread
 
embedthis profile image
Michael O'Brien

Agree, the same rule really applies if authenticated. If an attacker is authenticated, then they have access to their account, but you still don't want them to be able to enumerate other accounts, users etc.