CHAPTER 7 ACCESS CONTROL LIST
After learning the basics of using phpSecureSite, then in this chapter we are trying to implement the using of that tool. We are going to make an application which demonstrates the access control list development.
We are going to make two important sides in the development of the web-based application:
- Administrator side
- User side
In the administrator side, he deserves to do the important things which related with access control list such as registration or user modification, group, modules, and the arrangement of his access right. Let's say that this is the most secret page in application. It means that user can do anything in the application if he got succeed in entering this page.
While the page for user is the page where users who are already registered their access right can access this page. There is a page that can be entered by user and there is not.
To facilitate the arrangement, users are grouped into groups. With these groups, it can decrease the work load. It is better that user is grouped in group than arrange every user access right (imagine if there are 1000 users). Through those groups, we are going to arrange their access right. There is possibility in giving the special treatment to user. He can be given the special access right outside the access right rule for his group.
Tag: PHP Security Category: PHP Security Post : September 24th 2009 Read: 9,269
blog comments powered by Disqus