Legitimate Privilege Abuse (Dictionary Entry)
Draft
Legitimate Privilege Abuse
Alternative Forms
Legitimate Privilege-Based Abuse
Definitions
Definition 1
Related Terms
Quotes
Legitimate Privilege-Based Abuse
Customers in a similar manner misuse bona fide database benefits for ill-conceived purposes. Exactly when the affirmed customer mishandles the true blue advantage for an unapproved reason, this is called genuine advantage abuse. Good old fashioned advantage misuse can be as mishandle by database customers, chiefs or a system boss doing any unlawful or deceptive development. It is, however not confined to, any manhandling of sensitive data or unjustified usage of advantages [2]. For example, affiliation laborer with advantages to see particular specialist records by methods for a customWeb application. The structure of the web application normally obliges customers to audit an individual laborer’s history. A couple of records cannot be seen in the meantime and electronic duplicates are not good old fashioned. Regardless, the heel laborer may dodge these imperatives by a partner with the database using different customers, for instance, MS Excel and his genuine login qualifications, the laborer may recover and spare every single delegate record.
(Aravindharamanan et al., 2019, p. 176)
Abuse of Legitimate Privileges
It is a totally different ballgame if someone abuses privileges they have legitimately. Abuse of legitimate privileges can be considered a database vulnerability, if the malicious user misuses their database access privileges. An example for that would be a database administrator sticking his nose into data that he has no business of knowing, e.g. the contents of the CreditCard table. However, privilege abuse like this could also be an application problem, if for example the application allows an account specialist to access accounts not assigned to her.
Bibliography
See Also
-
Aravindharamanan et al., 2019 (Bibliography)
-
Legitimate Privilege Abuse (Dictionary Entry) (Dictionary)
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.