Basics of Web Application Security: Authorize Actions



Authentication means you know who your user is; protecting their session
ensures that information stays correct. Now Cade and Daniel move on to authorization:
checking that users only do what they are allowed to do. Authorization should
always be checked on the server and should deny by default. Actual authorization
schemes are domain-specific, but some common patterns help get you started.
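
A minimal sketch of a server-side, deny-by-default check, added here as an illustration and not taken from the article. The names `User`, `Document`, `POLICY`, `is_allowed` and `perform`, and the action strings, are assumptions made for the example.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the server refuses an action."""


@dataclass(frozen=True)
class User:            # hypothetical user model
    name: str
    roles: frozenset


@dataclass(frozen=True)
class Document:        # hypothetical protected resource
    owner: str
    body: str


# Explicit allow rules only: action -> predicate(user, resource).
# An action with no entry here is denied, whoever asks.
POLICY = {
    "document:read": lambda u, d: "reader" in u.roles or u.name == d.owner,
    "document:edit": lambda u, d: u.name == d.owner,
    "document:delete": lambda u, d: "admin" in u.roles,
}


def is_allowed(user, action, resource):
    """Deny by default: no user, no rule, or a failing rule all mean 'no'."""
    rule = POLICY.get(action)
    if user is None or rule is None:
        return False
    try:
        return rule(user, resource) is True
    except Exception:
        return False  # a broken rule must not fail open


def perform(user, action, resource, handler):
    """Server-side choke point: the check runs before the handler, every time."""
    if not is_allowed(user, action, resource):
        raise Forbidden(f"{action} denied")
    return handler(resource)
```

Routing every request through one function like `perform` keeps the decision on the server, so hiding a button in the client is never the only control.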



Published on January 05, 2017 06:40


Martin Fowler's Blog

Martin Fowler