Direct Object Reference within an MVC controller

A Direct Object Reference security breach occurs when a user changes an id, usually within a url (or perhaps a hidden field) and suddenly sees information (or performs an action) that he or she is not supposed to be able to do. So a the url had in it “order=1″ and a user changes it to “order=2″ hopefully the website […]