Reading-Notes
Class 08 Summary :
Access Control (ACL) :
When is Basic Authorization used vs. Bearer Authorization?
- Basic : to ensure correct login information, handling encoded informationpassed from client to server.
- Bearer : grant user access only if the user has a token.
What does the JSON Web Token package do?
- ” is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed”.
What considerations should we make when creating and storing a SECRET?
- Use environment variables.
- Encryptions should be used to store those secretes within .git repositories
- Don’t store them in .git repositories
Document the following Vocabulary Terms :
| Term | |
|---|---|
| encryption | the method by which information is converted into secret code that hides the information’s true meaning. |
| token | coded string used to securely transfer information over the web. |
| bearer | is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources |
| secret | Secret refers to a secret key or passcode that is used by a user to login, or create a login. |
| JSON Web Token | is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. |
RBAC :
-
” role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users. It is an approach to implement mandatory access control (MAC) or discretionary access control (DAC)”.
- Three primary rules are defined for RBAC:
- Role assignment
- Role authorization
- Permission authorization
- 5 steps to simple role-based access control (RBAC) :
- Inventory your systems
- Analyze your workforce and create roles
- Assign people to roles
- Never make one-off changes
- Audit
