- There exists a clearly defined matrix defines access permissions on resources by different user roles and processes.
- Access to sensitive and system resources is restricted to selected roles only.
- Authorization is based on Windows authentication
- The system uses ACLs (in addition to other) techniques for authorization.
- The system uses application-level, (in addition to other) techniques for authorization.
- The system uses code access level (in addition to other) techniques for authorization. (e.g.. CAS in dot net)
- The authorization mechanism of the application achieves from organizational changes and movements e.g.. Richard is in one role today, another tomorrow. In tomorrow's role he is less privileged than today's.
- Identity information is passed without specific protection from one part of the application to the other, only if the sender and the receiver reside in trusted zones.
- Identity information is passed by signing/encrypting from one part of the application to the other, if the sender and the receiver reside in non-trusted zones.
- Authorization has been performed in the UI tier such that controls are hid/shown based on user authorization. If this is true check the following: the logic for the above is consolidated in a single section of the design documents. Where the behaviour of a control is consistent across pages, a repeater control is used.
- The MVC pattern is used for the application.
- If the number of roles is less and/or if the pages for each role differ to a large extent then separate UI should be created.
- Authorization has been performed in the UI tier such that flow of UI is changed based on type of user
- Authorization has been performed in the UI tier such that access to the entry page of the app is configured for authorized users only.
- Authorization has been performed in the UI tier such that authorization check is carried out each time a new page is loaded.
- Authorization has been performed at the business logic.
- Authorization has been performed at the database level.
- Access to database tables and other entities is being controlled using SQL Data Definition Language such as GRANT, DENY and REVOKE.
- The database rules are being used to enforce security and authorization.
- The architecture takes into consideration that no more data is read other than what is required to be displayed to the user.
- All operations that perform a business process are authorized.
- Authorization functionality is encapsulated as utility classes. (This will obviate the need for non-security minded programmers from having to learn too much about authorization)
- Guards are present to ensure that sensitive data cannot propagate outside the data tier.
- "If the authorization logic is simple, checks are being made in stored procedures.
- If the authorization logic is complex, checks are being made in data access logic components and call SPs."
- If an authorization cache is being used then it is protected by encryption (for confidentiality) and is signed (to prevent tampering)
Friday, October 27, 2006
Security considerations for user authorization in applications
Subscribe to:
Post Comments (Atom)
1 comment:
Your site is very informative. The matter is nicely explained. Keep blogging.... Cheers.
Post a Comment