
Access Control

Access control is about controlling what a user may do inside your application. Do not confuse access control with security, which is a much larger subject in itself. Access control begins by authenticating the user and then limiting his or her activity in the application. An activity is something like creating, updating or deleting a piece of content. There is always a finite number of activities that can be done in a given application, and each user can be assigned the set of activities he or she is allowed to perform. Access control is usually tied to session management, but you do not need session management to have access control: an API that authenticates every request on its own still enforces access control.

When a user logs in, a session is created so that the user is remembered on subsequent requests. Otherwise the user would have to present his or her credentials on every request. We can also keep the list of activities the user is allowed to perform in the session record. Some applications keep a session alive indefinitely; others time the user out after a period of inactivity. When the user logs out, the session record is deleted.

Activity

An application is organized by activities such as viewing, creating, editing or deleting users or content; in that sentence, 'create content' is one activity. These activities are presented as a menu. Depending on the user, some will see every activity in the menu and some will see only a few. It is the job of access control to decide which activities are listed in the menu. When a menu item is clicked, the application routes the user to the activity page. Before the page is opened, however, a check verifies that the user is allowed to open it; if not, the user is routed to an 'access denied' page instead. The menu is only a convenience: a user can type the page's URL directly, so the check before the page opens is the real enforcement.

Some applications apply finer-grained control by listing only the allowed items on the activity page itself: some users see all buttons and links, others only a subset. Besides the menu, buttons and links also represent activities, and the same rule applies to them: the request each button submits must be checked on the server, not merely hidden in the page.

Role

Strictly speaking, a user's role is not an access control concept in itself; some applications organize users into groups instead of roles. We use a role to group activities. For example, an administrator role can perform every activity, while an editor role can only create, update and delete content. Assigning a role to a user is easier than assigning individual activities. However, some applications require that only a specific user may perform a specific activity; those applications bypass the role-to-activity assignment and grant the activity to the user directly. At the other extreme, a simple application may organize users in a hierarchy, fixing the activities of each role so that the application ignores activity assignment altogether. Either way, a role is still defined in terms of activities.
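The pieces described above (activities, roles that group them, direct per-user grants that bypass the role, a session record that carries the allowed activities, a menu built from that record, a check before the page opens, an inactivity timeout, and deletion on logout) fit together as follows. This is an added example, not code from the original post; the activity and role names, the 900-second default timeout and the outcome strings are assumptions for illustration.

```python
import secrets
import time
from dataclasses import dataclass

# Every activity the application knows about (assumed names for this example).
ACTIVITIES = frozenset({
    "view_content", "create_content", "edit_content", "delete_content",
    "view_user", "create_user", "edit_user", "delete_user",
})

# A role is just a named group of activities.
ROLE_ACTIVITIES = {
    "administrator": ACTIVITIES,
    "editor": frozenset({"view_content", "create_content", "edit_content", "delete_content"}),
    "viewer": frozenset({"view_content"}),
}


@dataclass
class Session:
    user: str
    allowed: frozenset   # activities snapshotted into the session record at login
    last_seen: float     # for the inactivity timeout


class AccessControl:
    def __init__(self, timeout_seconds=900, clock=time.monotonic):
        self.timeout = timeout_seconds
        self.clock = clock                 # injectable so the timeout can be tested
        self.user_role = {}                # user -> role name
        self.user_activities = {}          # user -> activities granted directly, bypassing roles
        self.sessions = {}                 # session id -> Session
        self.audit = []                    # (time, user, activity, outcome)

    def assign_role(self, user, role):
        if role not in ROLE_ACTIVITIES:
            raise ValueError(f"unknown role: {role}")
        self.user_role[user] = role

    def grant_activity(self, user, activity):
        if activity not in ACTIVITIES:
            raise ValueError(f"unknown activity: {activity}")
        self.user_activities.setdefault(user, set()).add(activity)

    def allowed_activities(self, user):
        via_role = ROLE_ACTIVITIES.get(self.user_role.get(user), frozenset())
        return frozenset(via_role | self.user_activities.get(user, set()))

    def login(self, user):
        # Authentication (the password check) is assumed to have happened already.
        sid = secrets.token_urlsafe(32)     # opaque id: the cookie carries nothing else
        self.sessions[sid] = Session(user, self.allowed_activities(user), self.clock())
        return sid

    def _live_session(self, sid):
        s = self.sessions.get(sid)
        if s is None:
            return None
        if self.clock() - s.last_seen > self.timeout:
            del self.sessions[sid]          # idle too long: treat as logged out
            return None
        s.last_seen = self.clock()
        return s

    def menu(self, sid):
        """Activities to list in the menu: only the ones this session may perform."""
        s = self._live_session(sid)
        return sorted(s.allowed) if s else []

    def check(self, sid, activity):
        """Gate before an activity page opens; fails closed on anything unknown."""
        s = self._live_session(sid)
        if s is None:
            return "login_required"
        outcome = "ok" if activity in s.allowed else "access_denied"
        self.audit.append((self.clock(), s.user, activity, outcome))
        return outcome

    def logout(self, sid):
        self.sessions.pop(sid, None)        # delete the record, not just the cookie
```

Because the allowed set is copied into the session record at login, revoking a role or a grant only takes effect at the user's next login; if immediate revocation matters, look the activities up from the user record on every check instead.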

User Record

A user record is required for access control, and your application needs one as well. Designing the user record can be confusing because there are two concerns: 1. the user as seen by access control, 2. the user as seen by your application. Access control needs the credential record: the login user name, the password (stored as a hash; see Security below) and a flag indicating whether the user is still active. Your application may need to keep more user information, such as the real name, email address and phone number.

It is better to keep two separate user records. The main user record holds the credentials for access control. The secondary user record is for your application's own use. Make sure the secondary record links to the main record by its identity (id). The main record, however, must not depend on the secondary record, so that you can reuse your access control library in other applications.

Security

In access control, security is mostly about preventing identity theft. We start with password hashing. We never keep the user's password as is in the user record; we keep only a salted password hash, so that nobody, including the administrator, knows the actual password except its owner. Use a slow, salted password hashing function (PBKDF2, bcrypt, scrypt or Argon2), not a plain SHA-256 or MD5 digest: a fast, unsalted hash of a password can be recovered by brute force or from a precomputed table.

We limit the information we keep in cookies; better still, keep nothing in the cookie but an opaque session identifier. Attackers who can read or forge the contents of a cookie can use them to steal an identity. Mark the session cookie Secure and HttpOnly so that it is sent only over HTTPS and cannot be read by script in the browser.

We validate every user input, including the login information, so that only clean data passes through the application. Unvalidated user input must never be concatenated into an SQL string; bind it as a query parameter instead to prevent SQL injection attacks.
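The three points above (a main credential record separate from the application's user record, salted password hashing, and keeping user input out of the SQL string) can be shown together with SQLite. This is an added example, not code from the original post; the table and column names, the login-name format, the PBKDF2 round count and the attack string are assumptions for illustration. The vulnerable login is kept beside the hardened one so the difference is visible: the attacker's input does not need to know any password, it smuggles in a hash of a password the attacker chose.

```python
import hashlib
import hmac
import os
import re
import sqlite3

PBKDF2_ROUNDS = 100_000   # assumption: raise it as far as your login latency budget allows
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")   # assumed login-name format


def hash_password(password, salt=None):
    """Return (salt_hex, hash_hex). Only these are stored, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt.hex(), digest.hex()


def verify_password(password, salt_hex, hash_hex):
    _, candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, hash_hex)   # constant-time compare


def create_schema(conn):
    # Main record: credentials only. Secondary record: application data, linked by id.
    conn.executescript("""
        CREATE TABLE auth_user (
            id            INTEGER PRIMARY KEY,
            username      TEXT    NOT NULL UNIQUE,
            salt          TEXT    NOT NULL,
            password_hash TEXT    NOT NULL,
            is_active     INTEGER NOT NULL DEFAULT 1
        );
        CREATE TABLE user_profile (
            user_id   INTEGER PRIMARY KEY REFERENCES auth_user(id),
            real_name TEXT,
            email     TEXT
        );
    """)


def add_user(conn, username, password, real_name, email, active=True):
    salt, digest = hash_password(password)
    cur = conn.execute(
        "INSERT INTO auth_user (username, salt, password_hash, is_active) VALUES (?, ?, ?, ?)",
        (username, salt, digest, int(active)))
    conn.execute("INSERT INTO user_profile (user_id, real_name, email) VALUES (?, ?, ?)",
                 (cur.lastrowid, real_name, email))
    return cur.lastrowid


def login_vulnerable(conn, username, password):
    """BAD: unvalidated input is pasted into the SQL string."""
    sql = ("SELECT id, salt, password_hash, is_active FROM auth_user "
           "WHERE username = '%s'" % username)
    row = conn.execute(sql).fetchone()
    if row and row[3] and verify_password(password, row[1], row[2]):
        return row[0]
    return None


def login_safe(conn, username, password):
    """Validate the input first, then bind it as a parameter, never as SQL text."""
    if not USERNAME_RE.match(username):
        return None
    row = conn.execute(
        "SELECT id, salt, password_hash, is_active FROM auth_user WHERE username = ?",
        (username,)).fetchone()
    if row and row[3] and verify_password(password, row[1], row[2]):
        return row[0]
    return None


def profile_for(conn, user_id):
    """Application data lives in the secondary record, joined on the main record's id."""
    row = conn.execute(
        "SELECT u.username, p.real_name, p.email FROM auth_user u "
        "JOIN user_profile p ON p.user_id = u.id WHERE u.id = ?", (user_id,)).fetchone()
    return None if row is None else {"username": row[0], "real_name": row[1], "email": row[2]}


def injection_payload(attacker_password, target_id=1):
    """Constructed attack input: a UNION row carrying a hash the attacker chose,
    so login_vulnerable 'verifies' the attacker's own password for the target id."""
    salt, digest = hash_password(attacker_password)
    return f"x' UNION SELECT {target_id}, '{salt}', '{digest}', 1 -- "
```

Note that hashing the password did nothing for the vulnerable version: the injected UNION row supplies the salt and hash that the attacker computed, so the comparison succeeds for an account whose password the attacker never learned. Parameter binding alone closes that hole; the username format check in front of it is defence in depth and also gives a clean rejection message for obviously malformed input.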

We must make sure that when the user logs out, the session data is deleted on the server, not just the cookie in the browser. Automatic logout after a period of inactivity should also be applied.

Activity logging is another feature that supports security. Data in the log can be used to trace malicious activity and to help prevent future occurrences. Log denied attempts as well as successful ones: a burst of 'access denied' results for a single user is often the first sign that an account is being probed.
