To keep track of a user, a server may include a user’s identifier as a hidden and encrypted form field, so that it comes back with every form submission. What risk does this entail?

  1. A malicious user modifies the hidden field and submits a request for another user
  2. The user identifier is leaked and can be sniffed
  3. A cross-site request forgery can get hold of the identifier
  4. The identifier can be used in a code injection attack
