Chapter 10

Access Control

Permission is frequently mentioned in the field of security. It is actually a kind of capacity. The reasonable allocation of permission has always been the core issue of safety design.

Permission will be referred to as access control in this chapter. In the field of Internet security, in particular web security, permission control can be attributed to the issue of access control.

10.1 What Can I Do?

In Chapter 9, we discussed the difference between authentication and authorization. Certification is answering the question “Who am I?”; authorization is answering the question “What can I do?”

Permission control or access control is widely used in various systems. Abstractly, it is the subject of some object that is needed ...

Get Web Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Web Security by Hanqing Wu, Liz Zhao

Access Control

10.1 What Can I Do?

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly