Attacks on session IDs and resource IDs take advantage of the fact that
						some software accepts user input without verifying its authenticity. For
						example, a message queueing system that allows service requesters to post
						messages to its queue through an open channel (such as anonymous FTP),
						authorization is done through checking group or role membership contained in
						the posted message. However, there is no proof that the message itself, the
						information in the message (such group or role membership), or indeed the
						process that wrote the message to the queue are authentic and authorized to
						do so.