December 2011
Beginner
384 pages
9h 38m
English
Content preview from Web Application Security, A Beginner's GuideBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Access Control Overview
For many web applications, it’s important that only certain users be permitted to access protected resources. A subscription-based online newspaper (for example, The New York Times) might only want the headline articles to be freely available while the rest of its content is accessible only to paying customers. Enforcing this kind of control means that you need to have a strong access control system.
Formally defined, an access control system is a mechanism that regulates access to data or functionality by determining whether a subject is permitted to perform an operation on a target object. Informally, an access control mechanism determines whether Joe User (our subject) is allowed to view (an operation) the current balance ...