🟩Access Control (Authorization)
Access control (or authorization) is the application of constraints on who can perform attempted actions or access resources that they have requested. In the context of web applications, access control is dependent on authentication and session management:
Authentication identifies the user and confirms that they are who they say they are.
Session Management identifies which subsequent HTTP requests are being made by that same user.
Access Control determines whether the user is allowed to carry out the action that they are attempting to perform.
Categories
Vertical Access Controls: Different types of users have access to different application functions (for example, an administrator can delete user accounts while an ordinary user cannot)
Horizontal Access Controls: Different users have access to a subset of resources of the same type (for example, each user can view only their own invoices, keyed by an identifier the client supplies)
Context-dependent Access Controls: Prevent a user performing actions in the wrong order, or in the wrong application state (for example, paying for a basket before the review step has completed)
Location-based Access Controls: Restrict access according to the user's geographical location. These access controls can often be circumvented by the use of web proxies, VPNs, or manipulation of client-side geolocation mechanisms
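As an added example that is not part of these notes, the following Python shows the first three categories enforced in one small, dependency-free authorization layer: a role table for the vertical check, an ownership check for the horizontal one, and a server-side step tracker for the context-dependent one. The users, invoices and the review-then-pay checkout flow are constructed for illustration, and `view_invoice_vulnerable` is kept alongside the hardened `view_invoice` to show the horizontal check that an IDOR exploits when it is missing.

```python
"""Added example: vertical, horizontal and context-dependent access controls
in one authorization layer. Principals, resources and the checkout flow
are constructed sample data, not from any real application."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin" (constructed roles)


@dataclass
class Invoice:
    id: int
    owner_id: int


class AccessDenied(Exception):
    pass


# Vertical access control: role -> functions that role may call.
ROLE_PERMISSIONS = {
    "user": {"view_invoice", "checkout_review", "checkout_pay"},
    "admin": {"view_invoice", "delete_user", "checkout_review", "checkout_pay"},
}

# Constructed sample resources: invoice 101 belongs to user 1, 102 to user 2.
INVOICES = {
    101: Invoice(id=101, owner_id=1),
    102: Invoice(id=102, owner_id=2),
}

# Context-dependent control: the checkout step each user has reached is
# tracked server-side, never taken from a client-supplied parameter.
CHECKOUT_STATE = {}


def require_permission(user, permission):
    """Vertical check: deny unless the user's role grants the function."""
    if permission not in ROLE_PERMISSIONS.get(user.role, set()):
        raise AccessDenied(f"role {user.role!r} may not {permission}")


def delete_user(actor, target_id):
    """Admin-only function; the only control needed is the vertical one."""
    require_permission(actor, "delete_user")
    return f"user {target_id} deleted"


def view_invoice_vulnerable(user, invoice_id):
    """Vulnerable form: only the role is checked, so any user can read any
    invoice by changing the id in the request (an IDOR)."""
    require_permission(user, "view_invoice")
    return INVOICES[invoice_id]


def view_invoice(user, invoice_id):
    """Hardened form: vertical check plus horizontal ownership check."""
    require_permission(user, "view_invoice")
    invoice = INVOICES.get(invoice_id)
    # Same error for "does not exist" and "not yours", so the response does
    # not confirm which invoice ids exist.
    if invoice is None or (invoice.owner_id != user.id and user.role != "admin"):
        raise AccessDenied("invoice not accessible")
    return invoice


def checkout_review(user):
    """First checkout step; records that the review has been completed."""
    require_permission(user, "checkout_review")
    CHECKOUT_STATE[user.id] = "reviewed"
    return "reviewed"


def checkout_pay(user):
    """Context-dependent check: paying is only valid directly after review,
    and moving the state to 'paid' stops the step from being replayed."""
    require_permission(user, "checkout_pay")
    if CHECKOUT_STATE.get(user.id) != "reviewed":
        raise AccessDenied("review step not completed")
    CHECKOUT_STATE[user.id] = "paid"
    return "paid"


def attempt(fn, *args):
    """Run an access-controlled operation and report the outcome."""
    try:
        fn(*args)
        return "allowed"
    except AccessDenied:
        return "denied"


if __name__ == "__main__":
    alice, bob, admin = User(1, "user"), User(2, "user"), User(3, "admin")
    print("vertical  :", attempt(delete_user, alice, 2), attempt(delete_user, admin, 2))
    print("horizontal:", attempt(view_invoice_vulnerable, bob, 101), attempt(view_invoice, bob, 101))
    print("context   :", attempt(checkout_pay, alice), checkout_review(alice), checkout_pay(alice))
```

Each handler calls `require_permission` first, then applies whichever additional check its category needs; a handler that stops after the role check, as `view_invoice_vulnerable` does, is exactly the shape of a horizontal access control failure, and a checkout that reads its step from a request parameter instead of `CHECKOUT_STATE` would be a context-dependent one.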
Broken access controls