pcastagnaro_709
Mar 12, 2013 Nimbostratus
Parameter Tampering
Dear all,
I want to know how I can prevent users from manipulating the URL and circumventing a security permission.
For example, a user clicks a link: http://myweb.com/student_data/academic_data.jsp?studentID=AAA12345
In this example the parameter will be for user ID XXX12345, but what if the end user manipulates the URL and places studentID=CCC56789 (someone else)?
I tried adding parameter studentID as a global parameter, but it did not solve my issue.
This web server is in a production environment, and my client does not want to invest in a programmer to code a new application in order to solve this problem.
I hope somebody can help me.
Thanks in advance!