
Glossary

IDOR (Insecure Direct Object Reference)

IDOR is a vulnerability in which a user-supplied direct object identifier is used to access a resource without a proper authorization check.


IDOR occurs when user-provided IDs are trusted without object-level authorization. Effective mitigation requires an object-level authorization check on every read and write path.
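As an added example (not code from this glossary or any project it describes), the vulnerable lookup beside its hardened form in Python; the in-memory store, user names and record IDs are constructed for illustration:

```python
# Added example: a minimal document store with a lookup that trusts the
# caller-supplied ID (IDOR) and a hardened lookup that performs object-level
# authorization on the same path. Records and principals are constructed.

from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    doc_id: int
    owner: str
    body: str


class NotAuthorized(Exception):
    """Raised when the principal may not access the requested object."""


# Constructed sample data: two users, each owning one document.
DOCUMENTS = {
    101: Document(101, "alice", "alice's private notes"),
    102: Document(102, "bob", "bob's private notes"),
}


def get_document_vulnerable(principal: str, doc_id: int) -> Document:
    """IDOR: the ID comes straight from the request and is used directly.
    Authentication tells us who `principal` is, but nothing checks that
    they may see doc_id, so any valid ID returns the record."""
    return DOCUMENTS[doc_id]


def can_access(principal: str, doc_id: int) -> bool:
    """Object-level authorization: locate the object, then verify that the
    authenticated principal is permitted to act on *this* object."""
    doc = DOCUMENTS.get(doc_id)
    return doc is not None and doc.owner == principal


def get_document_hardened(principal: str, doc_id: int) -> Document:
    """Missing and forbidden objects are reported identically, so the
    response does not reveal which IDs exist."""
    if not can_access(principal, doc_id):
        raise NotAuthorized(f"{principal} may not access document {doc_id}")
    return DOCUMENTS[doc_id]


def update_document_hardened(principal: str, doc_id: int, body: str) -> Document:
    """The same check must guard every write path, not only reads."""
    doc = get_document_hardened(principal, doc_id)
    updated = Document(doc.doc_id, doc.owner, body)
    DOCUMENTS[doc_id] = updated
    return updated
```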

Practical Note

IDOR (Insecure Direct Object Reference) usually comes up in discussions of web security and authorization. In practice it helps to know not only the definition but also what the term is meant to name quickly in a conversation, design note, or document.

Nearby terms often overlap and blur the explanation. The term is easier to use well when the target, the role involved, and the typical situation are each kept one step more concrete.

Reading Note

The easiest way to read this term is to look at three things first: what it is about, which nearby concept it should be distinguished from, and what kind of decision it usually supports. For IDOR (Insecure Direct Object Reference), the web security and authorization context is already a good starting point.

It also helps not to stop at the definition alone. The more useful view is to see what the term is trying to name quickly inside a working conversation.