I never really thought about UUIDs until I realized that incremental IDs can be potential security threats. Not so long ago I was reading this piece on the Parler hack (heard it first from @joshpuetz in the last episode of DevNews)
“This was due to an unprotected API call that was sequentially numbered, therefore allowing any attacker to iterate continuously over the endpoint and take all information available,” Mr. Warner explained.
“In the case of Parler, this was URLs that looked like par.pw/v1/photo?id= and the ID could be sequentially increased to gather information from the API without direct knowledge,” he explained.
Great and comprehensive insights!!
full piece on cybernews.com
Blew my mind and completely crushed my soul!