our company"s system is an intranet system, and we have not paid attention to the problem of parallel ultra vires before. Recently, the company conducted a security test to issue this problem, that is, users can ultra vires access to other users or order information by modifying the parameters in url. At present, the solution we have discussed is to encrypt the core parameters when the parameters are passed by the backend to the foreground, and then decrypt the parameters when the parameters are passed by the backstage to the foreground. The disadvantage of this is that it has a great impact on the business side, and each business method has to be modified.
is there a reasonable solution to this problem to minimize the impact on the business side?