Welcome to Scribd!

Skip carousel

Authentication and Authorization in PHP: Role-Based Access Control

Uploaded by

marcelo.cunha.ti3163

0% found this document useful (0 votes)

64 views29 pages

Original Title

rbac-role-based-access-control-slides

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

64 views29 pages

Authentication and Authorization in PHP: Role-Based Access Control

Uploaded by

marcelo.cunha.ti3163

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 29

Search inside document

Authentication and Authorization in PHP

ROLE-BASED ACCESS CONTROL

Matthew Setter
PHP SECURITY ENGINEER
@settermjd matthewsetter.com
Module Overview
– Learn about Role-based Access Control
– What it is
– How it works
– Its advantages and disadvantages
– How to implement it in PHP
What is Role-based Access Control?
“Role-Based Access Control, or RBAC, provides
web application security administrators with the
ability to determine who can perform what
actions, when, from where, in what order, and in
some cases under what relational
circumstances. In Role-Based Access Control,
access decisions are based on an individual's
roles and responsibilities within the organization
or user base.”
Role-based Access Control - OWASP
“RBAC can be used to facilitate
administration of security in large
organizations with hundreds of
users and thousands of
permissions, such as those in the
Fortune 500 companies.”
Role-based Access Control - Wikipedia
Differences to Access Control Lists

1. Works at the role level

“An access control list could be used for
granting or denying write access to a particular
system file, but it would not dictate how that
file could be changed. However, in an RBAC-
based system, an operation might be to ‘create
a credit account transaction in a financial
application’ or to ‘populate a blood sugar level
test’ record in a medical application.”
Wikipedia
Differences to Access Control Lists

1. Works at the role level

2. Doesn't have the concept of a resource
network scans remove users
access audits
add users
run reports
update users
search users

change passwords suspend users

check profiles
A Theoretical Model

Users Roles Permissions

IT change
search suspend
user
users user
password

Security Helpdesk
Manager add update delete
user user user
Jane Michael

Helpdesk
Operator
A Theoretical Model

change
search suspend
user
users user
password
Security Helpdesk
Manager
Jane Michael
add update delete
user user user

Helpdesk
Operator
A Theoretical Model

IT
add
user

Security Helpdesk update

Manager user

Jane Michael delete

Helpdesk user
Operator

change
search suspend
user
users user
password
A Theoretical Model

IT
add
user

Security Helpdesk update

Manager user

Jane Michael delete

Helpdesk user
Operator

change
search suspend
user
users user
password
A Theoretical Model

IT
add
user

Security Helpdesk update

Manager user
Jane

delete
Helpdesk user
Operator

Michael change
search suspend
user
users user
password
A Theoretical Model

IT
add
user

Security Helpdesk update

Manager user
Jane

delete
Helpdesk user
Operator

Michael change
search suspend
user
users user
password
A Theoretical Model

IT
add
user

Security Helpdesk update

Manager user
Jane

delete
Helpdesk user
Operator

Michael change
search suspend
user
users user
password
Quick Recap

– Role-based Access Control essentials

– How RBAC is different to ACL
– Saw a theoretical RBAC model
Up Next:
Advantages and Disadvantages
Advantages and Disadvantages
Advantages

– Roles are assigned based on org structure

– Aligns with security principles
– Easier to use and administer than ACLs
A Theoretical Model

IT
add
user

Security Helpdesk update

Manager user
Jane

delete
Helpdesk user
Operator

Michael change
search suspend
user
users user
password
Disadvantages

– Users, roles, and permissions need to be

well documented
– Users can acquire too many privileges
How to Mitigate RBACs Disadvantages

Conduct Regular Audits Review Access as

Users Change Roles
Quick Recap

– Advantages and disadvantages

– How to mitigate some disadvantages
Up Next:
Implement Role-based Access Control in PHP
Implement Role-based Access Control in PHP
Module Recap
Module Recap
– Learned about Role-based Access Control
– What it is
– How it works
– Advantages and disadvantages
– How to implement it in PHP
Up Next:
JSON Web Tokens

Mastering SQL Server 2008
From Everand
Mastering SQL Server 2008
Michael Lee
No ratings yet
Datasheet PasswordManager 092807
Document2 pages
Datasheet PasswordManager 092807
psr4522
No ratings yet
Enabling Technologies for Mobile Services: The MobiLife Book
From Everand
Enabling Technologies for Mobile Services: The MobiLife Book
Mika Klemettinen
No ratings yet
Desktop Central It Admin
Document22 pages
Desktop Central It Admin
support lantai5
No ratings yet
Desktop Central It MGR
Document12 pages
Desktop Central It MGR
indabhar
No ratings yet
Extension Mobility 01
Document15 pages
Extension Mobility 01
Tarek El Kady
No ratings yet
Chapter 8 Organizing Information Technology Services Chapter 9 Privacy and Security
Document18 pages
Chapter 8 Organizing Information Technology Services Chapter 9 Privacy and Security
Yubi Kim
No ratings yet
Project Commissioning 5
Document9 pages
Project Commissioning 5
Salah Hamo
No ratings yet
On Product Management System
Document16 pages
On Product Management System
Adam
No ratings yet
Task 2 Activity 3 - Analysing Effect of Encryption On User Roles
Document1 page
Task 2 Activity 3 - Analysing Effect of Encryption On User Roles
Ohms Branguelo
No ratings yet
Design and Implementation of Student Information Management System Based On Java
Document3 pages
Design and Implementation of Student Information Management System Based On Java
Thea Toñacao
No ratings yet
Monitoring Online Tests Through Data Visualization
Document26 pages
Monitoring Online Tests Through Data Visualization
Karthik Rao
No ratings yet
Doing More With Less
Document21 pages
Doing More With Less
Spil_vv_IJmuiden
100% (1)
Oracle E-Business Suite Controls Application Security Best Practices TOC
Document5 pages
Oracle E-Business Suite Controls Application Security Best Practices TOC
Greg Lusinski
No ratings yet
Employee Management System
Document17 pages
Employee Management System
muthukrishnan R
No ratings yet
Online Product Maintenance System (Synopsis)
Document15 pages
Online Product Maintenance System (Synopsis)
vishal rana
No ratings yet
Guipos Cave Resort Cashiering System Automation Project
Document1 page
Guipos Cave Resort Cashiering System Automation Project
Amor Dianne
No ratings yet
Configuration Management Itil Change Management Cmii
Document8 pages
Configuration Management Itil Change Management Cmii
Utku Bayram
No ratings yet
Examonline Architecture & SRS
Document78 pages
Examonline Architecture & SRS
Samer Ramahi
No ratings yet
IT Training Certification - Microsoft Certified Systems Engineer (MCSE) Course Outline
Document14 pages
IT Training Certification - Microsoft Certified Systems Engineer (MCSE) Course Outline
Dayakar Merugu
No ratings yet
Roles in Service Operations
Document4 pages
Roles in Service Operations
Md Kamruzzaman
No ratings yet
Information Systems Development: Week 3
Document38 pages
Information Systems Development: Week 3
ArifHartono
No ratings yet
Data Integrity Compliance in The Analytical Laboratory: Solutions Offered by Shimadzu Corporation
Document4 pages
Data Integrity Compliance in The Analytical Laboratory: Solutions Offered by Shimadzu Corporation
Alexis Zayas
No ratings yet
ITIL® Maturity Model: Public
Document14 pages
ITIL® Maturity Model: Public
forbiswajit
No ratings yet
Project Title: Sistem Administrasi Laundry (SI ALAY)
Document6 pages
Project Title: Sistem Administrasi Laundry (SI ALAY)
Gebby Lavenia Nugrahani
No ratings yet
Mailing System
Document23 pages
Mailing System
Stromer07
No ratings yet
SE GTU Study Material Presentations Unit-4 11082020080841AM
Document21 pages
SE GTU Study Material Presentations Unit-4 11082020080841AM
Gaming Buzz
No ratings yet
EMS Project Report PDF
Document43 pages
EMS Project Report PDF
Rahul Chopade
No ratings yet
RBAC STD Proposal
Document29 pages
RBAC STD Proposal
Avinash Reddy
No ratings yet
HOSTEL MANAGEMENT SYSTEM
Document21 pages
HOSTEL MANAGEMENT SYSTEM
Himanshuu Dubey
No ratings yet
Change Management Product Flyer
Document2 pages
Change Management Product Flyer
AxiosSystems
100% (1)
Black Orange Dark Simple Digital Financial Technology (Fintech) Technology Presentation
Document6 pages
Black Orange Dark Simple Digital Financial Technology (Fintech) Technology Presentation
Rohit Singh
No ratings yet
Mini Project - 1 - Prasannah - Jivatarshini - Prema - Nivethaa
Document15 pages
Mini Project - 1 - Prasannah - Jivatarshini - Prema - Nivethaa
Prasannah Chelvaraj
No ratings yet
Itil Update
Document3 pages
Itil Update
oc111e
No ratings yet
Phone Book Management System: Software Requirement Specification Team Members
Document16 pages
Phone Book Management System: Software Requirement Specification Team Members
mayankalva
40% (5)
Implement a Basic MDM Project with EBX5
Document10 pages
Implement a Basic MDM Project with EBX5
sakir bayram
100% (1)
2021-22 Kcs601 Aktu Solution
Document30 pages
2021-22 Kcs601 Aktu Solution
n200verma
No ratings yet
Mini-Project 3: Stock Management System (S.M.S)
Document12 pages
Mini-Project 3: Stock Management System (S.M.S)
Jonathan fanai
No ratings yet
Introduction to Software Development Process
Document4 pages
Introduction to Software Development Process
vikki2810
No ratings yet
KL - Systems and Data Audit Work Program
Document6 pages
KL - Systems and Data Audit Work Program
Parameswaran Lakshmynarayanan
No ratings yet
Sosialisasi SNI ISO-IEC 20000 - Sistem Manajemen Layanan
Document10 pages
Sosialisasi SNI ISO-IEC 20000 - Sistem Manajemen Layanan
dyogasara2
No ratings yet
ChaRM-CSOL and Incident - Change - Tobias Hauk PDF
Document55 pages
ChaRM-CSOL and Incident - Change - Tobias Hauk PDF
Basava Lingam
No ratings yet
The APOGEE Compliance Solution-Technological Elements For 21 CFR Part 11 Compliance
Document5 pages
The APOGEE Compliance Solution-Technological Elements For 21 CFR Part 11 Compliance
phongred
No ratings yet
Security Red Paper V2B
Document15 pages
Security Red Paper V2B
spiderorio
No ratings yet
ITIL Benefits
Document9 pages
ITIL Benefits
QAI
No ratings yet
ERP Sid
Document25 pages
ERP Sid
siddharth devnani
No ratings yet
BPC Authorization
Document21 pages
BPC Authorization
sheikh
No ratings yet
Application For Recording Operational Activities in The Helpdesk Division (Case Study: PT - Maybank Indonesia, TBK)
Document4 pages
Application For Recording Operational Activities in The Helpdesk Division (Case Study: PT - Maybank Indonesia, TBK)
ATS
No ratings yet
Unit 5 Assignment
Document2 pages
Unit 5 Assignment
kireeti415
No ratings yet
Appendices Dataflow Diagrams: Start
Document5 pages
Appendices Dataflow Diagrams: Start
Thiru Sachin
No ratings yet
Requirements Elicitation and Analysis: Goal of Conversation Elicit Model Tips
Document2 pages
Requirements Elicitation and Analysis: Goal of Conversation Elicit Model Tips
Susheel Kumar
No ratings yet
Level zero diagram for TVET-2
Document16 pages
Level zero diagram for TVET-2
metrinenanzala303
No ratings yet
Power System Modeling
Document54 pages
Power System Modeling
Marcos Siqueira
No ratings yet
SYS 605 Module 4 Integration I PDF 2 22 20
Document52 pages
SYS 605 Module 4 Integration I PDF 2 22 20
Omar Aziz
No ratings yet
Defect Tracking System
Document32 pages
Defect Tracking System
Rajdeep Sinha
No ratings yet
04 OS90514EN15GLA0 User Management
Document98 pages
04 OS90514EN15GLA0 User Management
Elego13th
No ratings yet
Centralized Management and LDAP Practical Questionnaire
Document1 page
Centralized Management and LDAP Practical Questionnaire
Iván Barra
No ratings yet
Iot Merged
Document132 pages
Iot Merged
Sidharth Suresh Kumar
No ratings yet
Datasheet Password Reset Server
Document2 pages
Datasheet Password Reset Server
Radu Costin
No ratings yet
The Power of Automating Manual Journal Entries
Document10 pages
The Power of Automating Manual Journal Entries
pakulajacek
No ratings yet
Authentication and Authorization in PHP: The Impact of Privacy Legislation
Document49 pages
Authentication and Authorization in PHP: The Impact of Privacy Legislation
marcelo.cunha.ti3163
No ratings yet
Authentication and Authorization in PHP: Access Control Lists
Document31 pages
Authentication and Authorization in PHP: Access Control Lists
marcelo.cunha.ti3163
No ratings yet
Authentication and Authorization in PHP: Json Web Tokens
Document42 pages
Authentication and Authorization in PHP: Json Web Tokens
marcelo.cunha.ti3163
No ratings yet
Authentication and Authorization in PHP
Document24 pages
Authentication and Authorization in PHP
marcelo.cunha.ti3163
No ratings yet
Getting Started with OWASP ZAP Security Tool
Document10 pages
Getting Started with OWASP ZAP Security Tool
Carlos Zuluaga
No ratings yet
PCI DSS Compliance Guide
Document108 pages
PCI DSS Compliance Guide
Imageking
100% (4)
Decoding NESA
Document8 pages
Decoding NESA
PRASHANTH B S
No ratings yet
Acces Etva en
Document3 pages
Acces Etva en
Patrick Jonas
No ratings yet
PDF Fase 2 Mi Cuerpo Voz Territorio Creativo DL
Document9 pages
PDF Fase 2 Mi Cuerpo Voz Territorio Creativo DL
marta
No ratings yet
Ccna Cyber Ops
Document2 pages
Ccna Cyber Ops
Carlos Gutierrez
No ratings yet
Configuring MAC-Based Authentication On A Switch Through The Command Line Interface
Document14 pages
Configuring MAC-Based Authentication On A Switch Through The Command Line Interface
Buba Hanakoye
No ratings yet
Product Matrix: Network Security Platform - Top Selling Models Matrix
Document6 pages
Product Matrix: Network Security Platform - Top Selling Models Matrix
Washington Cárdenas
No ratings yet
An Illustrated Guide To SSH Tunnels
Document20 pages
An Illustrated Guide To SSH Tunnels
leonard1971
No ratings yet
Finance in A Digital World Technology Aas Partner Not A Threat
Document7 pages
Finance in A Digital World Technology Aas Partner Not A Threat
Naufal Ridlo Muttaqiin
No ratings yet
The Criminal Networks of the Tri-Border Area
Document119 pages
The Criminal Networks of the Tri-Border Area
Rodrigo Ibarrola
No ratings yet
SOC 2 Type 2 - VRealize Operations Cloud FY21 (2)
Document118 pages
SOC 2 Type 2 - VRealize Operations Cloud FY21 (2)
cyntaxera
No ratings yet
DEKRA Certification Group: Jos Versteegen Sales & Business Development Manager
Document13 pages
DEKRA Certification Group: Jos Versteegen Sales & Business Development Manager
Muraryspotty
No ratings yet
Training: Online Ethical Hacking Training
Document6 pages
Training: Online Ethical Hacking Training
PHrairyia
No ratings yet
Unit-III - E-Commerce and Its Application
Document90 pages
Unit-III - E-Commerce and Its Application
Vasa Vijay
No ratings yet
Babington Plot
Document4 pages
Babington Plot
dianwiryo
100% (1)
1.5 IGCSE ICT Impact of Emerging Technologies Topic Question Paper 1 Set 1 WM
Document5 pages
1.5 IGCSE ICT Impact of Emerging Technologies Topic Question Paper 1 Set 1 WM
maha
No ratings yet
Wang2019 PDF
Document35 pages
Wang2019 PDF
Lenin Sleyter Saavedra Jimenez
No ratings yet
Fortisandbox: Broad Coverage of The Attack Surface With Security Fabric
Document6 pages
Fortisandbox: Broad Coverage of The Attack Surface With Security Fabric
mmxy_1
No ratings yet
ImmuniWeb Website Security Test Report - 1DBG0vyq
Document9 pages
ImmuniWeb Website Security Test Report - 1DBG0vyq
tc
No ratings yet
Cyber Security
Document12 pages
Cyber Security
neeha gajula
No ratings yet
Security report highlighting top vulnerabilities and attacks
Document11 pages
Security report highlighting top vulnerabilities and attacks
Alzi Al-Lail
No ratings yet
Myit - Vol 5 No1 Sdec Lores PDF
Document25 pages
Myit - Vol 5 No1 Sdec Lores PDF
tan sieting
No ratings yet
Research On SQL Injection Attack and Prevention Technology Based On Web
Document4 pages
Research On SQL Injection Attack and Prevention Technology Based On Web
Abhinav Singh
No ratings yet
Bccpa V351
Document238 pages
Bccpa V351
laura_yln
No ratings yet
Your Freedom User Guide
Document58 pages
Your Freedom User Guide
Peyman Lotfi
100% (1)
Manual Laptop Acer Aspire e 14
Document73 pages
Manual Laptop Acer Aspire e 14
dyan mahendratama
No ratings yet
Whatsapp End To End Encryption
Document4 pages
Whatsapp End To End Encryption
Diaconescu Iulian Florin
No ratings yet
Empower-Employment and Training Department, Govt. of TamilNadu
Document1 page
Empower-Employment and Training Department, Govt. of TamilNadu
JijiPan
No ratings yet
Configure Single Sign-On Using STAS On XG Firewall: Start
Document65 pages
Configure Single Sign-On Using STAS On XG Firewall: Start
Jose G. Duran
No ratings yet
Blockchain Beginner To Advanced Guides
Document1,155 pages
Blockchain Beginner To Advanced Guides
Walid
No ratings yet