2 strategies to define permissions: forbid everything vs allow everything
Posted by z Jean-jacques Jouanneaux on 22 August 2013 05:51 PM

Authorizations define what a user can do in an application: what the user is allowed to see, do and modify.

You need to choose between two ways of defining authorizations:

• The most secure way is to forbid everything by default, and then grant permissions to enable specific actions. This way, if you forget to define a permission, the user will be unable to do something they should, rather than accidentally able to do something they shouldn't: a forgotten rule fails closed and is quickly noticed.

• The faster way is to allow everything by default, and then assign restrictions to forbid some actions. This way is faster because there are typically fewer restrictions than permissions, but a forgotten restriction fails open: the user silently keeps an ability they should not have.
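To make the difference concrete, here is a small added example (my own code, not from the article or from Novalys) that expresses the same intended rule both ways and then "forgets" the `user.manage` entry in each. The `ACTIONS` catalogue, the role names and the `unmapped()` audit helper are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set

# Constructed sample catalogue of everything the application lets a user do.
ACTIONS: Set[str] = {"invoice.view", "invoice.edit", "invoice.delete", "user.manage"}


@dataclass
class DenyByDefault:
    """Forbid everything; an action is allowed only if one of the user's roles grants it."""
    grants: Dict[str, Set[str]] = field(default_factory=dict)  # role -> granted actions

    def is_allowed(self, roles: Iterable[str], action: str) -> bool:
        return any(action in self.grants.get(r, set()) for r in roles)

    def unmapped(self) -> Set[str]:
        """Actions nobody can perform: a forgotten grant fails closed and shows up here."""
        return ACTIONS.difference(*self.grants.values())


@dataclass
class AllowByDefault:
    """Allow everything; an action is denied only if one of the user's roles restricts it."""
    restrictions: Dict[str, Set[str]] = field(default_factory=dict)  # role -> forbidden actions

    def is_allowed(self, roles: Iterable[str], action: str) -> bool:
        return not any(action in self.restrictions.get(r, set()) for r in roles)

    def unmapped(self) -> Set[str]:
        """Actions no restriction names: intentional allows and forgotten restrictions look alike."""
        return ACTIONS.difference(*self.restrictions.values())


# Intended rule, written both ways: clerks view and edit invoices; only admins delete
# invoices or manage users. In both variants the author forgets the user.manage entry.
def deny_policy() -> DenyByDefault:
    return DenyByDefault(grants={"clerk": {"invoice.view", "invoice.edit"},
                                 "admin": {"invoice.view", "invoice.edit", "invoice.delete"}})


def allow_policy() -> AllowByDefault:
    return AllowByDefault(restrictions={"clerk": {"invoice.delete"}})


if __name__ == "__main__":
    for policy in (deny_policy(), allow_policy()):
        print(type(policy).__name__, "clerk may manage users:",
              policy.is_allowed({"clerk"}, "user.manage"), "unmapped:", sorted(policy.unmapped()))
```

Under deny-by-default the omission is a visible lockout (even the admin cannot manage users, and the audit lists exactly the forgotten action); under allow-by-default the clerk quietly gains `user.manage`, and the audit cannot tell that omission apart from the actions that were meant to stay open.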

Help Desk by Novalys