- A type of access control vulnerability in digital security. An IDOR exists when a web application or application programming interface (API) uses an identifier for direct access to an object in an internal database, but does not check for access control or authentication. For example, if the request URL sent to a website directly uses an enumerated unique identifier (such as “https://example.com/doc/1234”), it may provide an exploit for unintended access to all records. A directory traversal attack is considered a special case of an IDOR. ← Wikipedia