Why UUIDs won't protect your secrets
This post is part of a collection on UUIDs.

What is IDOR?

Insecure Direct Object Reference (IDOR) occurs when a resource can be fetched directly by its identifier without the application checking that the requesting user is authorized to access it.
IDOR is a common mistake when file storage is delegated to a separate service, such as a publicly readable Amazon S3 bucket. The web application may perform its access control checks correctly, but the storage service performs none, so anyone who learns an object's key can fetch it from the bucket directly.

Here’s vulnerable Django code which allows a user to view ...
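The page's Django example is not reproduced here. What follows is an added, self-contained Python model (not the page's code, not Django, and not the real S3 API) of the same failure mode: the app checks ownership correctly, but the bucket it points users at does not, so a leaked object URL, UUID key or not, is served to anyone. The second half shows the usual fix, a private bucket that only honours short-lived signed URLs; the ToyBucket, FileApp and _sign names and the HMAC scheme are invented for this illustration and only mimic the shape of presigned URLs.

```python
import hashlib
import hmac
import time
import uuid
from urllib.parse import parse_qs, urlencode, urlparse


class Forbidden(Exception):
    pass


def _sign(signing_key, key, expires):
    # Toy stand-in for a presigned-URL signature (not SigV4).
    msg = f"GET\n{key}\n{expires}".encode()
    return hmac.new(signing_key, msg, hashlib.sha256).hexdigest()


class ToyBucket:
    """Stand-in for an object store. It knows nothing about the app's users.

    public_read=True serves any known key to anyone, like a bucket with a
    public-read policy. public_read=False requires a valid, unexpired signature.
    """

    def __init__(self, public_read, signing_key=b""):
        self.public_read = public_read
        self.signing_key = signing_key
        self.objects = {}

    def put(self, key, data):
        self.objects[key] = data

    def fetch(self, url, now=None):
        parsed = urlparse(url)
        key = parsed.path.lstrip("/")
        if key not in self.objects:
            raise KeyError(key)
        if self.public_read:
            return self.objects[key]          # no authorization at all
        params = parse_qs(parsed.query)
        expires = int(params.get("expires", ["0"])[0])
        sig = params.get("sig", [""])[0]
        if (now if now is not None else time.time()) > expires:
            raise Forbidden("signature expired")
        if not hmac.compare_digest(sig, _sign(self.signing_key, key, expires)):
            raise Forbidden("bad signature")
        return self.objects[key]


class FileApp:
    """The web application. Ownership is checked correctly here; the problem
    is what the app hands back after that check."""

    def __init__(self, bucket, url_ttl=60):
        self.bucket = bucket
        self.url_ttl = url_ttl
        self.owners = {}                      # file_id -> owner username

    def upload(self, user, data):
        file_id = str(uuid.uuid4())           # random, unguessable key
        self.owners[file_id] = user
        self.bucket.put(file_id, data)
        return file_id

    def download_url(self, user, file_id, now=None):
        if self.owners.get(file_id) != user:
            raise Forbidden("not the owner")
        if self.bucket.public_read:
            # Vulnerable: a bare object URL the bucket serves to anyone, forever.
            return f"https://bucket.example/{file_id}"
        expires = int(now if now is not None else time.time()) + self.url_ttl
        sig = _sign(self.bucket.signing_key, file_id, expires)
        return f"https://bucket.example/{file_id}?" + urlencode({"expires": expires, "sig": sig})


def demo():
    """Returns (leak_via_public_bucket, leak_via_private_bucket, leak_after_expiry)."""
    secret = b"constructed sample: alice's tax return"

    public = ToyBucket(public_read=True)
    app = FileApp(public)
    fid = app.upload("alice", secret)
    url = app.download_url("alice", fid)
    # The URL leaks (Referer header, chat paste, browser history). Mallory never
    # passes the app's ownership check, but the public bucket serves her anyway.
    leak_public = public.fetch(url) == secret

    private = ToyBucket(public_read=False, signing_key=b"constructed-demo-key")
    app2 = FileApp(private, url_ttl=60)
    fid2 = app2.upload("alice", secret)
    try:                                      # Mallory knows the UUID, has no signature
        private.fetch(f"https://bucket.example/{fid2}")
        leak_private = True
    except Forbidden:
        leak_private = False
    signed = app2.download_url("alice", fid2, now=1_000_000)
    assert private.fetch(signed, now=1_000_030) == secret   # valid while fresh
    try:                                      # a leaked signed URL dies with its TTL
        private.fetch(signed, now=1_000_061)
        leak_after_expiry = True
    except Forbidden:
        leak_after_expiry = False
    return leak_public, leak_private, leak_after_expiry


if __name__ == "__main__":
    print(demo())
```

The UUID is generated identically in both halves; the only difference is whether the store enforces anything. A random key stops guessing, not leaking, which is why the authorization check has to sit in front of every path to the object, including the storage service's own.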
Read more at alexsci.com