Forum Discussion
pcastagnaro_709
Nimbostratus
NimbostratusParameter Tampering
Dear all,
I want to know how can I avoid users to manipulate the URL and circumvent a security permission?
Example, user clicks a link: http://myweb.com/student_data/academic...
SunHuHwang_1815Nimbostratus
Nimbostratusplease referer below. (v12.0.0)
-
Parameter
- add in parameter list : studentID
- Object change - Parameter Value Type : dynamic contents value
- Extraction > Extract From URLs : /student_data/academic_data.jsp
- Blocking setting : Illegal dynamic parameter value - check
- Apply policy
