Authenticating using a hashid

To address the Insecure Direct Object Reference vulnerability, the LPM REST API service masks all resource IDs with hashids. This method prevents the interface from exposing dbid references to outside entities.

The hashid algorithm relies on key phrase or salt to calculate and generate a hashid value. Changing the salt value generates different hashid calculations.

To change the default salt value, do the following:

  1. From your computer, navigate to the <install‑Dir> \Lexmark\Solutions\apps\lpm\WEB-INF\classes folder, where <install‑Dir> is the installation folder of LDD.
  2. Using a text editor, open the app-production-config.properties file.
  3. Specify the value for hashids.salt.
  4. Save the file.
Note: When using an enterprise setup, make sure that all application servers have the same salt value.