Why UUIDs won't protect your secrets
4 days ago
- #IDOR
- #UUID
- #Security
- IDOR (Insecure Direct Object Reference) occurs when a resource can be accessed directly by its ID without proper authorization.
- Using UUIDs instead of auto-increment IDs can mitigate IDOR but doesn't fully solve the problem as URLs can still be leaked.
- UUIDs should be treated as toxic assets; if leaked in logs or URLs, they can compromise security.
- Properly fixing IDOR involves ensuring every request for sensitive data is authorized, such as routing file access through the web application or using pre-signed URLs in AWS S3.
- YouTube's unlisted content feature is an example of IDOR as an intentional security design, but it has risks if URLs are shared publicly.
- UUIDv7 includes a timestamp, making it easier to guess compared to UUIDv4, especially if the timestamp can be inferred.
- UUIDv7 implementations vary; some may use counters that reduce randomness, making them less secure.
- Postgres UUIDv7 implementation uses nanosecond granularity, offering more randomness than some other implementations.
- Rate limiting and monitoring are essential to prevent brute-force attacks on UUID-based URLs.
- Alternative approaches like UUIDv47 or using separate external and internal IDs can enhance security.
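The following is an added example, not code from the article: it shows what a UUIDv7 leaks (its timestamp) and how much an attacker still has to guess under the page's assumptions (timestamp inferred, some bits spent on a counter), next to the ownership check that actually fixes IDOR. The document store, owner names and field values are constructed samples.

```python
import uuid
from datetime import datetime, timezone

def make_uuid7(unix_ts_ms: int, rand_a: int, rand_b: int) -> uuid.UUID:
    """Assemble an RFC 9562 UUIDv7 from its fields: 48-bit ms timestamp, version,
    12-bit rand_a, variant, 62-bit rand_b. Used here only to build constructed samples."""
    if not (0 <= unix_ts_ms < 1 << 48 and 0 <= rand_a < 1 << 12 and 0 <= rand_b < 1 << 62):
        raise ValueError("field out of range")
    value = (unix_ts_ms << 80) | (0x7 << 76) | (rand_a << 64) | (0b10 << 62) | rand_b
    return uuid.UUID(int=value)

def uuid7_timestamp(u: uuid.UUID) -> datetime:
    """Recover the creation time a UUIDv7 carries in the clear (its top 48 bits)."""
    if u.version != 7:
        raise ValueError("not a UUIDv7")
    return datetime.fromtimestamp((u.int >> 80) / 1000, tz=timezone.utc)

def unguessed_bits(version: int, timestamp_known: bool = False, counter_bits: int = 0) -> int:
    """Bits left to guess. v4: 122 random bits. v7: 122 bits, of which 48 are the
    timestamp (gone once inferred) and counter_bits may be a monotonic counter
    or sub-millisecond clock bits rather than randomness, depending on the implementation."""
    if version == 4:
        return 122
    if version == 7:
        return 122 - (48 if timestamp_known else 0) - counter_bits
    raise ValueError("unsupported UUID version")

# Constructed sample: one document owned by "alice" (hypothetical store, not real data).
SAMPLE_DOC_ID = make_uuid7(1_700_000_000_000, 0xABC, 0x1234567890)
DOCS = {SAMPLE_DOC_ID: "alice"}

def fetch_document(requester: str, doc_id: uuid.UUID) -> str:
    """The actual IDOR fix: authorize every request by ownership, whatever the ID looks like.
    Unknown and unauthorized IDs get the same answer so the endpoint is not an existence oracle."""
    if DOCS.get(doc_id) != requester:
        raise PermissionError("not found or not authorized")
    return f"contents of {doc_id}"
```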