Chapter 16. User Management
The world will look up and shout 'save us' and I will look down and whisper 'no.'
WHAT'S IN THIS CHAPTER?
RBAC and ACL as basic user management methods.
Setting up LDAP.
Advanced user management with LDAP.
How should a web application be secured against unprivileged access? We want to explore this topic as deeply as possible in this chapter because of its significance and the severe consequences of neglecting security. The first major section of this chapter, "Basic User Management," covers not only the basic security issues, but also dynamic access control and features of specific frameworks.
The second major section of this chapter, "Identifying Users Using LDAP Implementation," is focused on implementing user authorization with LDAP within the frameworks. This is an alternative industry-scale solution, so you can skip this section if you don't need it. However, this knowledge will be invaluable for more advanced users, because it is not easily accessible on the Internet, and it is highly valued among big companies and corporations.
BASIC USER MANAGEMENT
There are many ways to manage user authorization. In the frameworks featured in this book, there are two main user management approaches, RBAC and ACL. They are quite similar, but have some important differences that are described and explained in the following section.
RBAC versus ACL
RBAC, which stands for Role-based Access Control, is more role oriented (roles, not specific users, are ...