Chapter 9

Authentication and Session Management

Authentication is the easiest method for ensuring safety. If there is no authentication in a system, everybody could judge it to be unsafe. The most common form of authentication is protection with a username and a password, but there are other means of authentication as well. We will introduce some common means of web authentication in this chapter, as well as some related safety issues.

9.1 Who Am I?

Often, people—even safety engineers—confuse authentication with authorization and vice versa. In fact, the two concepts can be easily distinguished in the following way: Authentication is to recognize who the user is, and authorization is to decide what the user can do.

Figuratively speaking, assume ...

Get Web Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.