9

Authorization Models and Layers

Authorization is a crucial aspect of security and is therefore important for any web application. This chapter explores the concept of authorization in Ruby on Rails applications. First, we will discuss the role and place of authorization in an application’s security.

Then, we’ll introduce the two fundamental concepts of authorization: the authorization model and the authorization layer. Finally, we’ll discuss the problem of authorization enforcement and how it relates to an application’s performance.

This chapter touches on an important topic of application security. The robustness of its implementation is doubly important. Every user action must be authorized, and every input verified. You can achieve such a level ...

Get Layered Design for Ruby on Rails Applications now with the O’Reilly learning platform.
