Talk in English - US at php[tek] 2019
View Slides: https://speakerdeck.com/ericmann/access-control-and-authorization
Short URL: https://joind.in/talk/8b428
(QR-Code (opens in new window))
Proving the identity of a user isn’t the end of an application’s responsibilities: you must also verify the user is allowed to perform the actions they’re attempting. Conflating authentication (the act of identifying users) with authorization (the act of verifying their level of access within the system) is one of the most common ways applications have been breached in the recent past. Don’t fall victim to simple oversights and instead keep your application – and your users – safe.
By the end of this session, you will have learned:
The differences between the various access control systems that are available:
Role-based
Attribute-based
Rule-based
Risk-based
… and more
How to integrate your PHP application with an access control system
How to gauge where authorization is necessary and where it potentially fails
Comments
Comments are closed.