
Re: [WEB SECURITY] ACL for application



On 1/8/07, Ankur Jindal <divinepresence@xxxxxxxxx> wrote:
> How are application level ACLs usually implemented?

I'm not sure I understand your question. Are you asking what the code looks like? That usually depends on what kind of tools are built into your deployment platform. For example, for J2EE apps, role-based security is normal.

> Another thought was that we write down clearly what everyone can do
> and leave nothing to assumptions/beliefs.

This is a good idea, if not for implementation, at least for planning. If you can't document it for other human beings, you probably can't implement the policy in a computer.

Regards,
Brian

----------------------------------------------------------------------------
The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/


The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



