Chapter 10
Access Control
Permission is frequently mentioned in the field of security. It is actually a kind of capacity. The reasonable allocation of permission has always been the core issue of safety design.
Permission will be referred to as access control in this chapter. In the field of Internet security, in particular web security, permission control can be attributed to the issue of access control.
10.1 What Can I Do?
In Chapter 9, we discussed the difference between authentication and authorization. Certification is answering the question “Who am I?”; authorization is answering the question “What can I do?”
Permission control or access control is widely used in various systems. Abstractly, it is the subject of some object that is needed ...
Get Web Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.