WebApp Sec mailing list archives
Re: Controlling access to pdf/doc files
From: Suresh Prabhu <surabhi87 () yahoo com>
Date: Wed, 25 Feb 2004 19:42:55 -0800 (PST)
Hi,

The actual solution would depend on specific scenarios: type of architecture, application servers used, etc., and the complexity and granularity of controls needed.

In any enterprise application, it is best to have a set of core services that provide authentication and authorization mechanisms. Access control to specific files (could be bank account statements, or even code pages like .asp or .jsp) needs to be handled through the authorization module. Every request for a resource needs to be validated by the authorization module, and this can be based on the user, his/her role, or some other attribute.

One of the drawbacks of the above is that the control is done through programmatic means, and hence the chances of mistakes by the application administrator and of bugs while coding are high.

Some of the application servers (conforming to J2EE specs, not sure of the .NET world) do provide authorization mechanisms based on roles. You can specify (in a declarative way, in XML format) the specific resources that are accessible based on roles.

-SRP (srp () ieee org)
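An added example, not part of the original post: a J2EE `web.xml` fragment showing the declarative, role-based restriction the message describes, applied to PDF and DOC files. The role name `account-holder`, the realm of form login and the `/login.jsp` and `/login-error.jsp` paths are assumptions chosen for illustration.

```xml
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Every request for a .pdf or .doc served by this web application
       must come from an authenticated user in the listed role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected documents</web-resource-name>
      <url-pattern>*.pdf</url-pattern>
      <url-pattern>*.doc</url-pattern>
      <!-- No <http-method> elements on purpose: listing methods here
           would leave every unlisted method unconstrained. -->
    </web-resource-collection>
    <auth-constraint>
      <!-- Assumed role name; it must match a <security-role> below. -->
      <role-name>account-holder</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require a confidential transport (HTTPS) for these files. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- How the container authenticates the user before checking the role.
       The page paths are assumptions. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Roles referenced by the constraints above must be declared. -->
  <security-role>
    <role-name>account-holder</role-name>
  </security-role>

</web-app>
```

The constraint only applies to requests the servlet container itself handles, so a front-end web server that serves the same files directly from disk bypasses it. A role is also coarse: it cannot express that one user may read only his or her own statement, which still needs a per-request check in the authorization module.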