#4 - Insecure direct object references
When a developer exposes a reference to an object without an access control check or other protection, that reference becomes a source of attack. The objects defined in the Clinical Data API have been tested to validate proper authorization constructs within the functions of the defined service. When developing code that sends data to and receives data from the API, ensure that the authorization model of the API interface is applied consistently to guard against insecure direct object references.
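The object-level check described above, as an added example that is not code from the Clinical Data API: a lookup that trusts a caller-supplied record id, beside one that authorizes the caller against the object it resolves to. The `Caller` type, the record ids and the in-memory store are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""


@dataclass(frozen=True)
class Caller:
    # Hypothetical identity object built from the authenticated session.
    user_id: str
    patient_ids: frozenset  # patients this caller is authorized to view


# Constructed sample data standing in for the backing store.
RECORDS = {
    "rec-1001": {"patient_id": "pat-A", "note": "constructed note A"},
    "rec-1002": {"patient_id": "pat-B", "note": "constructed note B"},
}


def get_record_insecure(caller, record_id):
    # Insecure: the caller is authenticated, but the id taken from the
    # request is used as-is, so any valid id returns its record.
    return RECORDS.get(record_id)


def get_record(caller, record_id):
    # Hardened: resolve the object, then authorize the caller against it.
    record = RECORDS.get(record_id)
    # "Missing" and "not yours" raise the same error, so the response
    # does not confirm which ids exist.
    if record is None or record["patient_id"] not in caller.patient_ids:
        raise Forbidden(record_id)
    return record


def list_records(caller):
    # Collection reads are scoped by the caller's grants on the server
    # side, not filtered after the fact by the client.
    return {
        rid: rec
        for rid, rec in RECORDS.items()
        if rec["patient_id"] in caller.patient_ids
    }
```
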