
Privilege Escalation

Preventing Privilege Escalation (BOLA/IDOR)

Insecure Direct Object References (IDOR) / Broken Object Level Authorization (BOLA) occurs when an application returns an object directly from a user-supplied identifier without first checking that the requesting user owns, or is otherwise authorized to access, that object.

  • Validate that the currently authenticated user has the right to access the requested record, on every request (e.g., when User A requests `receipt/1234`, confirm that receipt 1234 belongs to User A before returning it)
  • Use unpredictable, non-sequential UUIDs for record IDs
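The two controls above, worked through in code. This is an added example and not code from the Iron Codex page: the `RECEIPTS` table, the user names `user_a`/`user_b`, and all function names are constructed for illustration. It shows the vulnerable lookup that trusts the client-supplied id, two hardened forms that enforce object-level authorization (check after fetch, and scoping the query to the caller), and allocation of unpredictable uuid4 record ids.

```python
import uuid

# Constructed sample data standing in for a database table of receipts.
# Each receipt records which user created it; that ownership field is the
# fact the endpoint must check before returning the record.
RECEIPTS = {
    "1234": {"owner": "user_b", "total": 42.00},
    "1235": {"owner": "user_a", "total": 17.50},
}


def get_receipt_insecure(current_user, receipt_id):
    """Vulnerable pattern: returns whatever record the client names.

    The authenticated user is known but never compared with the record's
    owner, so user_a obtains receipt 1234 (owned by user_b) just by
    requesting it.
    """
    return RECEIPTS.get(receipt_id)


def get_receipt_secure(current_user, receipt_id):
    """Hardened: object-level authorization on every lookup.

    A missing record and a record owned by someone else both yield None,
    so the response does not confirm whether a given id exists.
    """
    record = RECEIPTS.get(receipt_id)
    if record is None or record["owner"] != current_user:
        return None
    return record


def get_receipt_scoped(current_user, receipt_id):
    """Equivalent hardened form that scopes the query to the caller.

    Against a real database this is ``WHERE id = ? AND owner_id = ?``:
    the ownership constraint lives inside the query itself, so it cannot
    be forgotten at a later call site.
    """
    owned = {rid: r for rid, r in RECEIPTS.items() if r["owner"] == current_user}
    return owned.get(receipt_id)


def new_receipt_id():
    """Allocate an unpredictable identifier (uuid4) for a new record.

    This is defence in depth only: random ids cannot be produced by
    incrementing a number, but the ownership check above is still required
    for any id a client does know.
    """
    return str(uuid.uuid4())


def create_receipt(current_user, total):
    """Insert a receipt with a random id and the creator recorded as owner."""
    rid = new_receipt_id()
    RECEIPTS[rid] = {"owner": current_user, "total": total}
    return rid


if __name__ == "__main__":
    # user_a asks for user_b's receipt through each handler.
    print("insecure:", get_receipt_insecure("user_a", "1234"))  # leaks user_b's record
    print("secure:  ", get_receipt_secure("user_a", "1234"))    # None
    print("scoped:  ", get_receipt_scoped("user_a", "1234"))    # None
    rid = create_receipt("user_a", 9.99)
    print("own record:", rid, get_receipt_secure("user_a", rid))
```

The scoped form is usually the one to standardize on in a code base, because the authorization condition is part of the data-access call rather than an extra step each endpoint has to remember; the random id is a complement to it, not a replacement.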