Security Corner:
Access Control and Authorization
By Eric Mann
Proving the identity of a user isn’t the end of an application’s responsibilities: you must also verify the user is allowed to perform the actions they’re attempting. Conflating authentication (the act of identifying users) with authorization (the act of verifying their level of access within the system) is one of the most common ways applications have been breached in the recent past.
This article was originally published in the May 2019 issue of php[architect] magazine. To read the complete article please subscribe or purchase the complete issue.
Leave a comment
Use the form below to leave a comment: