Tuesday, January 16, 2007

In search of a good security model

I'm currently researching a good way of implementing a security model for an administrative application. This is one of the areas where you really need a good design: if it is not well thought out, the code can easily get dirty and tangled within a month.

In small applications, we used to implement this very simply, using database columns with true/false values or an access mask stored in a string.

However, such an approach proves very weak when it is time to scale and fine-tune your application's security requirements. A security model does not stay the same, since every extra functionality added in a future version will affect it. Therefore, as I already said, it is one of the areas that needs deep thought and a good design.

If you're not acquainted with the terms Policy, Subject, Resource, Role Based Access List, Authenticator, Authorizer... then HANDS OFF the security architecture document and delegate it to someone else. I know you have the brain power to do it, but without the correct knowledge, it won't be easy.
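As an added example (not from the original post), here is the fixed-position access mask the post describes beside a small deny-by-default authorizer built from the Subject, Role, Resource and Policy terms it lists. All names, roles, resources and actions below are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

# --- the "simple" approach from the post: a fixed-position access mask per user ---
# Every new feature needs a new position, and every stored mask has to be migrated.
MASK_BITS = {"read": 0, "write": 1, "delete": 2}

def mask_allows(mask: str, action: str) -> bool:
    """'110' -> read and write but not delete; a short mask denies unknown positions."""
    pos = MASK_BITS[action]
    return pos < len(mask) and mask[pos] == "1"

# --- a policy-based model using the terms the post lists (constructed example) ---
@dataclass(frozen=True)
class Policy:
    role: str
    resource: str            # a resource name, or "*" for any resource
    actions: frozenset       # actions the role may perform on that resource

@dataclass
class Subject:
    name: str
    roles: set = field(default_factory=set)

class Authorizer:
    """Deny by default: grant only when a policy bound to one of the subject's roles matches."""
    def __init__(self, policies=()):
        self.policies = list(policies)

    def add_policy(self, policy: Policy) -> None:
        # A new feature becomes a new policy entry, not a schema or mask-format change.
        self.policies.append(policy)

    def is_allowed(self, subject: Subject, resource: str, action: str) -> bool:
        return any(
            p.role in subject.roles and p.resource in (resource, "*") and action in p.actions
            for p in self.policies
        )

# Constructed sample data: roles, resources and users are hypothetical.
AUTHZ = Authorizer([
    Policy("auditor", "*", frozenset({"read"})),
    Policy("editor", "reports", frozenset({"read", "write"})),
    Policy("admin", "*", frozenset({"read", "write", "delete"})),
])
alice = Subject("alice", {"editor"})
bob = Subject("bob", {"auditor", "editor"})
```

Adding an "export" feature shows the difference: the mask needs a fourth position and a migration of every stored string, while the authorizer only needs one more `Policy` entry.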
