To keep track of a user, a server may include a user’s identifier as a hidden and encrypted form field, so that it comes back with every form submission. What risk does this entail?
A malicious user modifies the hidden field and submits a request for another user
The user identifier is leaked and can be sniffed
A cross-site request forgery can get hold of the identifier
The identifier can be used in a code injection attack
“Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!”