
Chapter 7. Understanding Security > Authentication and Authorization

Authentication and Authorization

Securing sensitive areas of an application, such as administrative pages, prevents unauthorized access to protected functionality. This is done through an access control system with user authentication and authorization. Authentication is proving the user is who they say they are. Authorization is determining which resources the authenticated user can access.

Such security models vary widely, from the simple, where authentication consists of a single username and/or password for all users, to the detailed, where access control for authenticated users is very granular throughout the Web site. There are even single sign-on models, in which logging into one application allows users to access a variety of other applications. Single sign-on models typically authenticate users with identity tokens, ranging from electronic technologies such as smart cards and X.509 certificates to the more advanced biometric technologies such as fingerprinting and facial recognition.

