Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security: Authentication & Authorization

Published byAnna-Leena Laaksonen Modified over 5 years ago

Similar presentations

Presentation on theme: "Security: Authentication & Authorization"— Presentation transcript:

1 Security: Authentication & Authorization
Security: Authentication & Authorization

2 In the most general terms, what bad things does computer security aim to prevent?

3 In the most general terms, what bad things does computer security aim to prevent?
Unauthorized access to data Unauthorized modification of data Unauthorized control

4 Two Key Security Concerns
Authentication Who is the user? Authorization What is the user allowed to do/access?

5 What methods of authentication are there?

6 What methods of authentication are there?
Passwords Biometrics SMS code Secret question USB key

7 Where should authentication/authorization go?
Ye Olde Internet Browser Rails Router Controller View Model DB

8 Where should authentication/authorization go?
Ye Olde Internet Browser Rails Router Controller View Model DB Around here!

9 Given stateless nature of HTTP, how to prevent user from re-authenticating with each HTTP request?
Ye Olde Internet Browser Rails Router Controller View Model DB

10 Given stateless nature of HTTP, how to prevent user from re-authenticating with each HTTP request?
Ye Olde Internet Browser Rails Router Controller View Model DB Sessions/Cookies

11 How Cookies Work From:

12 A session is a server-side object that stores “conversational state”
Ye Olde Internet Browser Rails Router Controller View Model DB

13 How to do authorization?

14 Role-Based Access Control
Taken from

15 Final Note About Authentication and Authorization in Rails
Example time! See: Rails Tutorial (Hartl) does “by hand” Gems available as well Devise most popular?

Download ppt "Security: Authentication & Authorization"

Similar presentations

The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.

The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.
ASP Cookies Y.-H. Chen International College Ming-Chuan University Fall, 2004.

ASP Cookies Y.-H. Chen International College Ming-Chuan University Fall, 2004.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Postacademic Interuniversity Course in Information Technology – Module C1p1 Contents Data Communications Applications –File & print serving –Mail –Domain.

Postacademic Interuniversity Course in Information Technology – Module C1p1 Contents Data Communications Applications –File & print serving –Mail –Domain.
Web-based E-commerce Architecture

Web-based E-commerce Architecture
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.

12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.
Feedback #2 (under assignments) Lecture Code:

Feedback #2 (under assignments) Lecture Code:
Week seven CIT 354 Internet II. 2 Objectives Database_Driven User Authentication Using Cookies Session Basics Summary Homework and Project 2.

Week seven CIT 354 Internet II. 2 Objectives Database_Driven User Authentication Using Cookies Session Basics Summary Homework and Project 2.
MACIASZEK, L.A. (2001): Requirements Analysis and System Design. Developing Information Systems with UML, Addison Wesley Chapter 6 - Tutorial Guided Tutorial.

MACIASZEK, L.A. (2001): Requirements Analysis and System Design. Developing Information Systems with UML, Addison Wesley Chapter 6 - Tutorial Guided Tutorial.
MMTK Access control. Session overview Introduction to access control Passwords –Computers –Files –Online spaces and networks Firewalls.

MMTK Access control. Session overview Introduction to access control Passwords –Computers –Files –Online spaces and networks Firewalls.
Introduction to ASP.NET1. 2 Web applications in general Web applications are divided into two parts –The server part –The client part The server part.

Introduction to ASP.NET1. 2 Web applications in general Web applications are divided into two parts –The server part –The client part The server part.
COOKIES and SESSIONS. COOKIES A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each.

COOKIES and SESSIONS. COOKIES A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each.
Web Database Programming Week 7 Session Management & Authentication.

Web Database Programming Week 7 Session Management & Authentication.
Qaforum Security Structure. What’s SSO Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a.

Qaforum Security Structure. What’s SSO Single sign-on (SSO) is mechanism whereby a single action of user authentication and authorization can permit a.
The Problem of State. We will look at… Sometimes web development is just plain weird! Internet / World Wide Web Aspects of their operation The role of.

The Problem of State. We will look at… Sometimes web development is just plain weird! Internet / World Wide Web Aspects of their operation The role of.
CP476 Internet Computing CGI1 Cookie –Cookie is a mechanism for a web server recall info of accessing of a client browser –A cookie is an object sent by.

CP476 Internet Computing CGI1 Cookie –Cookie is a mechanism for a web server recall info of accessing of a client browser –A cookie is an object sent by.
Web Measurement. The Web is Different from other Commuication Media More precise measurement of activity on Web sites is available More precise measurement.

Web Measurement. The Web is Different from other Commuication Media More precise measurement of activity on Web sites is available More precise measurement.
Display Page (HTML/CSS)

Display Page (HTML/CSS)
COEN 350: Network Security E-Commerce Issues. Table of Content HTTP Authentication Cookies.

COEN 350: Network Security E-Commerce Issues. Table of Content HTTP Authentication Cookies.

Similar presentations

Ads by Google