Horizontal ultra vires and vertical ultra vires [easy to understand]

Hello everyone , I meet you again , I'm your friend, Quan Jun .

lateral ultra vires ： Horizontal ultra vires refers to the attacker's attempt to access the resources of the user with the same permissions Vertical ultra vires ： Vertical override refers to a low-level attacker trying to access the resources of a high-level user

How to prevent horizontal ultra vires loopholes ：

1. By establishing the binding relationship between users and operable resources , When users operate on any resource , Ensure that the resource is owned by the user through the binding relationship .
2. Indirect mapping of key parameters in the request , Avoid using the original key parameter name , For example, using index 1 Instead of id value 123 etc.

How to prevent vertical ultra vires loopholes ：

It is recommended to use role-based access control mechanism to prevent vertical over authority attacks , That is, define different permission roles in advance , Assign different permissions to each role , Each user belongs to a specific role , I.e. I have a fixed authority , When a user performs an action or produces an action , Determine whether the action or action is allowed by the user's role .

Publisher ： Full stack programmer stack length , Reprint please indicate the source ：https://javaforall.cn/148590.html Link to the original text ：https://javaforall.cn