#4 - Insecure direction object references

When a developer exposes a reference to an object without proper access or other protection, then this reference becomes a source of attack. The objects defined in the IRT REST API have been tested to validate proper authorization constructs within the functions of the defined service. When developing code and sending data to and from the REST API, ensure that the authorization model of the REST API interface is consistent to guard against insecure direction object references.

• Access to Oracle Support
• Accessibility
• Legal Notices

Copyright © 2016, 2018 Oracle and/or its affiliates. All rights reserved.