When creating a web application that will allow users to upload images and mark them as private, should those images be protected by authentication and authorization mechanisms against access by other ..
Tag: authorization
What are the best practices to extend Authorization to the Model layer if in a monolith MVC application (i.e. Rails) you have other entry-points than just the Controller? I.e. background jobs, or the model intera..
I work for a publishing company that also provides content distribution to their users. In order to access a piece of content the user must be entitled to do so. Traditionally this authorization check has been done in several different ways (most of them legacy, insecure and, tbh, very ugly). We do support username and password authentication but this is by far the least common way used for gaining access to content. For the sake of this post let’s assume that the only alternative is for a user to reach our product from a company’s internal portal – we call this “Referral acc..
I have experience building RBAC-based authorization mechanisms, and understand the theory behind ACLs (DAC?) though I’ve never had the need to implement..