Security Corner:
Access Control and Authorization

By Eric Mann

Proving the identity of a user isn’t the end of an application’s responsibilities: you must also verify the user is allowed to perform the actions they’re attempting. Conflating authentication (the act of identifying users) with authorization (the act of verifying their level of access within the system) is one of the most common ways applications have been breached in the recent past.

Read in Full

This article was originally published in the May 2019 issue of php[architect] magazine. To read the complete article please subscribe or purchase the complete issue.

Leave a comment

Use the form below to leave a comment: