The access-control tag has no wiki summary.
6 votes, 1 answer, 342 views
What is the nicest (user-friendliest) way to tell a user about “Access Denied” error?
Our software implements a layer of role-based security to secure data access, in the form of access control lists. Whenever a user tries to do something that isn't allowed, the software layer will ...
5 votes, 4 answers, 481 views
Why do organizations limit source code access to engineers? [closed]
Most organizations restrict access to the source code to engineers, and even at places like Google, the Android source code is kept off-limits to most engineers within the company. Why?
Note: I am ...
4 votes, 1 answer, 206 views
Methodologies for Managing Users and Access?
This is something I'm having a hard time getting my head around. I think I might be making it more complicated than it is.
What I'm trying to do is develop a method to store users in a database with ...
4 votes, 2 answers, 140 views
What kind of permission is this? (Groups+Roles)
I'm starting to need an access control for roles in my app.
I don't know much of this, but I understand how vBulletin works:
I create groups, then give permissions to groups.
I think that what I ...
2 votes, 2 answers, 191 views
Coding user rights
Imagine a system which has a number of functions and a number of users. A user must have rights to a specific function. Users may belong to a group. A group may belong to a group.
So as a simple ...
2 votes, 1 answer, 224 views
How to Implement Restricted Access to Application Features
I'm currently developing a web application, that provides some 'service' to the user. The user will have to select a 'plan' according to which she/he will be allowed to perform application specific ...
2 votes, 1 answer, 114 views
Should I manage authentication on my own if the alternative is very low in usability and I am already managing roles?
As a small in-house dev department, we only have experience with developing applications for our intranet. We use the existing Active Directory for user account management. It contains the accounts of ...
2 votes, 1 answer, 74 views
What is a good overview of options for access controls/permissions?
I'm in the process of designing the access control portion of a moderately complex application, but I feel like I'm re-discovering a lot of wheels.
Does there exist a good overview of the "access ...
2 votes, 1 answer, 165 views
Duplication of view access control logic in database queries and application component
Our web application has a complex access control system which incorporates role-based and object-level privileges.
In the business logic layer, this is implemented by a component that obtains (and ...
1 vote, 1 answer, 168 views
Control a microwave from my computer [closed]
Is there any way I can take apart a microwave (any kind) and somehow plug it into my computer and control it from my computer? Where to start... where to start...
0 votes, 1 answer, 136 views
How to implement a hybrid role-based access control model?
I am writing an enterprise web-forms-frontend application for in-house use. It has Direct access control (DAC) masquerading as Role-based access control (RBAC).
For anonymization purposes, let's ...
0 votes, 0 answers, 90 views
Writing a script to tell which users are currently typing? [closed]
I'm working on a lab for a cyber-security class and need to find out when certain users are communicating with each other (through named pipes).
The users use:
python gameProgram.py
And then that ...
0 votes, 0 answers, 21 views
Are Spring SPeL security issues fixed and can it be considered safe?
I have heard about Spring SPeL security and access control issues. The answer to this SO question describes a true issue allowing injection and access to restricted data.
Has it been fixed? Is it ...