2 strategies to define permissions : forbid everything vs allow everything
Posted by Jean-jacques Jouanneaux on 22 August 2013 05:51 PM
Authorizations define what a user can do in an application: you define what the user is allowed to see, do and modify. You need to choose between two ways of defining them:

• The most secure way is to forbid everything by default, and then grant permissions one by one to open up what the user may do. This way, if you forget to define a permission, the user won't be able to do something he should, rather than accidentally being able to do something he shouldn't.

• The faster way is to allow everything by default, and then assign restrictions to forbid specific actions. This way is faster because there are typically fewer restrictions to write than permissions.
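The two strategies and their failure modes, as an added illustration that is not part of the original article: the roles, actions and intended access matrix below are constructed sample data, and the two policy classes are a hypothetical minimal model rather than any product's authorization API. build_policies derives the rule set each strategy needs to express the same intent (so the rule counts can be compared), and forgotten_rule_outcome shows what each strategy does when the administrator leaves one rule out: the forbid-by-default policy fails closed, the allow-by-default policy fails open.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed sample: the actions the application exposes.
ACTIONS = frozenset({"view_report", "edit_report", "delete_report", "export_data"})

# Constructed sample: what each role is *intended* to be able to do.
INTENDED = {
    "viewer": {"view_report"},
    "editor": {"view_report", "edit_report", "export_data"},
    "admin": set(ACTIONS),
}


@dataclass
class DefaultDenyPolicy:
    """Forbid everything by default; a rule is needed to allow an action."""
    grants: dict[str, set[str]] = field(default_factory=dict)

    def grant(self, role: str, action: str) -> None:
        self.grants.setdefault(role, set()).add(action)

    def is_allowed(self, role: str, action: str) -> bool:
        # Unknown role or action not granted -> denied (fails closed).
        return action in self.grants.get(role, set())

    def rule_count(self) -> int:
        return sum(len(actions) for actions in self.grants.values())


@dataclass
class DefaultAllowPolicy:
    """Allow everything by default; a rule is needed to forbid an action."""
    restrictions: dict[str, set[str]] = field(default_factory=dict)

    def restrict(self, role: str, action: str) -> None:
        self.restrictions.setdefault(role, set()).add(action)

    def is_allowed(self, role: str, action: str) -> bool:
        # Unknown role or action not restricted -> allowed (fails open).
        return action not in self.restrictions.get(role, set())

    def rule_count(self) -> int:
        return sum(len(actions) for actions in self.restrictions.values())


def build_policies(intended=INTENDED, actions=ACTIONS):
    """Derive the rules each strategy needs to express the same intended matrix."""
    deny, allow = DefaultDenyPolicy(), DefaultAllowPolicy()
    for role, permitted in intended.items():
        for action in actions:
            if action in permitted:
                deny.grant(role, action)       # one rule per allowed action
            else:
                allow.restrict(role, action)   # one rule per forbidden action
    return deny, allow


def policies_agree(intended=INTENDED, actions=ACTIONS) -> bool:
    """Both complete rule sets must give identical answers for every known role."""
    deny, allow = build_policies(intended, actions)
    return all(
        deny.is_allowed(role, action) == allow.is_allowed(role, action)
        == (action in permitted)
        for role, permitted in intended.items()
        for action in actions
    )


def forgotten_rule_outcome(role: str, action: str, intended=INTENDED):
    """Drop the rule for one (role, action) pair from each complete policy and
    return (deny_result, allow_result): what the user can do after the omission."""
    deny, allow = build_policies(intended)
    deny.grants.get(role, set()).discard(action)
    allow.restrictions.get(role, set()).discard(action)
    return deny.is_allowed(role, action), allow.is_allowed(role, action)


if __name__ == "__main__":
    deny, allow = build_policies()
    print("rules needed, forbid-by-default:", deny.rule_count())
    print("rules needed, allow-by-default:", allow.rule_count())
    # A viewer was never meant to delete reports; the admin forgot that rule.
    print("viewer/delete_report after omission:", forgotten_rule_outcome("viewer", "delete_report"))
    # A role nobody defined rules for at all.
    print("unknown role:", deny.is_allowed("guest", "view_report"), allow.is_allowed("guest", "view_report"))
```

With this sample matrix the allow-by-default policy needs half as many rules as the forbid-by-default one, which is the article's speed argument; the forgotten-rule check is the article's security argument: whichever rule is omitted, the forbid-by-default policy answers "no" and the allow-by-default policy answers "yes", and a role nobody configured gets nothing under the first strategy and everything under the second.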