How to fix the Access control database issue

We have incorporated the recommended solutions in the application, but the scan is still reporting the issue.

  • Hi,

    One way is to use some type of indirection to prevent users from directly manipulating the value of ID fields. For example, instead of this:

    String idField = request.getParameter("idField");

    BuildQuery(idField);

    Try to implement something like this:

    String fakeId = request.getParameter("idField");

    String realId = decodeFakeId(fakeId);

    BuildQuery(realId);

    Where decodeFakeId(...) looks up the fakeId as a key in a dictionary, ArrayList or something like that and returns the linked value.

    Hope this is useful.

    Regards.

    Jaime
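
The indirection described in the answer above, as an added example that is not part of the original post. The class name IndirectReferenceMap and the method encodeRealId are hypothetical; the example assumes one map instance is kept per user session and that tokens are random rather than derived from the real ID.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical per-session map: one instance is stored in each user's session,
// so a token only resolves to records that were issued to that same user.
public class IndirectReferenceMap {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, String> fakeToReal = new ConcurrentHashMap<>();
    private final Map<String, String> realToFake = new ConcurrentHashMap<>();

    // Called when rendering a page: returns the opaque token sent to the browser.
    public String encodeRealId(String realId) {
        return realToFake.computeIfAbsent(realId, id -> {
            byte[] raw = new byte[16];
            RNG.nextBytes(raw);
            String fake = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            fakeToReal.put(fake, id);
            return fake;
        });
    }

    // Called on the request: an empty result means the token was never issued here.
    public Optional<String> decodeFakeId(String fakeId) {
        return fakeId == null ? Optional.empty() : Optional.ofNullable(fakeToReal.get(fakeId));
    }

    public static void main(String[] args) {
        // Constructed sample data: two users, each allowed to see different rows.
        IndirectReferenceMap alice = new IndirectReferenceMap();
        IndirectReferenceMap bob = new IndirectReferenceMap();
        String aliceToken = alice.encodeRealId("1001");
        bob.encodeRealId("2002");

        // Alice's own token resolves to her row id.
        System.out.println("alice -> " + alice.decodeFakeId(aliceToken).orElse("DENIED"));
        // A raw database id or another user's token does not resolve: fail closed.
        System.out.println("raw id -> " + alice.decodeFakeId("2002").orElse("DENIED"));
        System.out.println("bob with alice's token -> " + bob.decodeFakeId(aliceToken).orElse("DENIED"));
    }
}
```

Only the value returned by decodeFakeId should reach the query, and an empty result should be rejected before any query is built.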