Plausible Hacking Technique

bluehenroot's Avatar, Join Date: Dec 2008
Newbie Member
I'm trying to implement security on an application I'm currently designing.

Essentially user's are going to log have certain functionality available in certian locations.

Example

User can query invoices, and create orders for location 1.
The same user can query invoices, and process payments for location 2.

I'm wondering if there are any hacking techniques out there that would allow the user to the some how change the a session object/request that would the user logged in working in location 2 to somehow process a payment for location 1.

I hope my question is clear enough.

Thank you.
0
neo_vi's Avatar, Join Date: Feb 2008
Invasive contributor
make ur query much clear to get an answer