- Slides: 15
Security: Authentication & Authorization
(Title image: http://flic.kr/p/9UQDPM)
In the most general terms, what bad things does computer security aim to prevent?
• Unauthorized access to data
• Unauthorized modification of data
• Unauthorized control
Two Key Security Concerns
Authentication
• Who is the user?
Authorization
• What is the user allowed to do/access?
What methods of authentication are there?
• Passwords
• Biometrics
• SMS code
• Secret question
• USB key
Where should authentication/authorization go?
[Diagram: Browser, Ye Olde Internet, Rails (Router, Controller, View, Model), DB]
Around here! (annotation on the diagram)
Given the stateless nature of HTTP, how to prevent the user from reauthenticating with each HTTP request?
• Sessions/Cookies
How Cookies Work
From: http://en.wikipedia.org/wiki/HTTP_cookie
A session is a server-side object that stores “conversational state”
How to do authorization?
Role-Based Access Control
Taken from http://en.wikipedia.org/wiki/Role-based_access_control
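The session and role-based access control slides above, tied together in an added example (plain Ruby, not code from the slides or from the auth_skeleton repository). The cookie format, role names and permission table are assumptions constructed for illustration.

```ruby
require "openssl"
require "securerandom"

# Constructed values for illustration: key, roles and permissions are assumptions.
SECRET   = SecureRandom.bytes(32)  # signing key; stays on the server
SESSIONS = {}                      # server-side session store: session id => state
ROLE_PERMISSIONS = {               # RBAC: permissions attach to roles, not to users
  "admin"  => %w[posts:read posts:write users:manage],
  "author" => %w[posts:read posts:write],
  "reader" => %w[posts:read]
}.freeze

def sign(sid)
  OpenSSL::HMAC.hexdigest("SHA256", SECRET, sid)
end

# Called once, after the user has authenticated (e.g. with a password).
# The cookie carries only a random id and its MAC; the roles stay on the
# server, so the browser cannot edit them.
def log_in(user_id, roles)
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = { user_id: user_id, roles: roles }
  "#{sid}--#{sign(sid)}"
end

# Runs on every later request instead of reauthenticating: verify the MAC
# in constant time, then load the "conversational state" for that id.
def session_for(cookie)
  sid, mac = cookie.to_s.split("--", 2)
  return nil unless sid && mac
  return nil unless OpenSSL.secure_compare(mac, sign(sid))
  SESSIONS[sid]
end

# Authorization: allowed only if one of the session's roles grants the permission.
def authorized?(cookie, permission)
  session = session_for(cookie)
  return false if session.nil?
  session[:roles].any? { |role| ROLE_PERMISSIONS.fetch(role, []).include?(permission) }
end

# Logging out deletes the server-side state, so a replayed cookie is rejected.
def log_out(cookie)
  SESSIONS.delete(cookie.split("--", 2).first) if session_for(cookie)
end
```

In a Rails app the same two checks would sit in controller filters, which is the "around here" position the earlier slide points at.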
Final Note About Authentication and Authorization in Rails
• Rails Tutorial (Hartl) does “by hand”
• Gems available as well
  – Devise most popular?
Example time! See: https://github.com/sdflem/auth_skeleton