[WEB SECURITY] ACL for application

Brian Eaton eaton.lists at gmail.com
Tue Jan 9 10:33:03 EST 2007


On 1/8/07, Ankur Jindal <divinepresence at gmail.com> wrote:
> How are application-level ACLs usually implemented?

I'm not sure I understand your question.  Are you asking what the code
looks like?  That usually depends on what kind of tools are built in
to your deployment platform.  For example, for J2EE apps role-based
security is normal.

> Another thought was that we write down clearly what everyone can do
> and leave nothing to assumptions/beliefs.

This is a good idea, if not for implementation, at least for planning.
 If you can't document it for other human beings, you probably can't
implement the policy in a computer.

Regards,
Brian

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


