Chapter 10

Access Control

Permission is frequently mentioned in the field of security. It is actually a kind of capacity. The reasonable allocation of permission has always been the core issue of safety design.

Permission will be referred to as access control in this chapter. In the field of Internet security, in particular web security, permission control can be attributed to the issue of access control.

10.1 What Can I Do?

In Chapter 9, we discussed the difference between authentication and authorization. Certification is answering the question “Who am I?”; authorization is answering the question “What can I do?”

Permission control or access control is widely used in various systems. Abstractly, it is the subject of some object that is needed ...

Get Web Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.