Chapter 18. Securing Applications

18.1. The Three A's: Authentication, Authorization, and Accounting

Applications should be designed from the beginning for security. If you try to bolt security on after you have moved into production, you will likely fail to really secure the application. If you do secure it, the cost may be much higher than if you had designed for security from the beginning (but not as costly as forgoing security altogether!). In simple terms, a secure application is designed to control who can do what, and it provides an accounting of what the application was asked to do and what it actually did. The three features essential to a secure application that we will discuss are authentication, authorization, and accounting.

Authentication is the process in which a user (or process) identifies herself and proves she is who she claims to be by providing information available only to her. The most common authentication mechanism on the Internet today is to log into a system using a username and password. Under some circumstances, passwords may be stolen as they are transmitted across networks, and badly chosen passwords can be guessed. There are other stronger authentication systems that employ certificates and encryption. We'll look at some of the problems of username/password authentication schemes and what you can do about them later.
