Access control List(ACL) in CakePHP

An Access control list or ACL is used to make access control for each of the logins and handle security of the app.

For example, ACL handles menu level permission access and function or module level access permission. When a subject requests an operation on an object in an ACL-based security model the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. A key issue in the definition of any ACL-based security model is determining how access control lists are edited, namely which users and processes are granted ACL-modification access. ACL models may be applied to collections of objects as well as to individual entities within the system’s hierarchy.
ACL basically handles 2 things:

ARO(Access Request Object):

Aros are of usergroups and users. Each of the users are mapped to aros to know the group he belongs to.

ACO(Access Control Object):

Aros are of menus and modules. Where every usergroup will have permissions to access each of these menus and modules.

Essentially, ACL is what is used to decide when an ARO can have access to an ACO.

In order to help you understand how everything works together, let’s use a semi-practical example. Imagine, for a moment, a computer system used by a familiar group of fantasy novel adventurers from the Lord of the Rings. The leader of the group, Gandalf, wants to manage the party’s assets while maintaining a healthy amount of privacy and security for the other members of the party. The first thing he needs to do is create a list of the AROs involved:
  • Gandalf
  • Aragorn
  • Bilbo
  • Frodo
  • Gollum
  • Legolas
  • Gimli
  • Pippin
The next thing Gandalf needs to do is make an initial list of things, or ACOs, the system will handle. His list might look something like:
  • Weapons
  • The One Ring
  • Salted Pork
  • Diplomacy
  • Ale
Read more…

Source: InstaCarma

Comments

Post a Comment

Popular posts from this blog

DevOps Basics You Should Know Before Adopting Services

Before you consider   D evOps service   for your organization to embrace this new approach, it is critical for you to develop at least a basic understanding of what all it takes for the holistic implementation of devOps for your organization. Just like agile, the adoption of devOps also involves embracing a set of practices that result from an organizational attitude, philosophy and culture. This is the reason why adopting devOps can be a bit misleading since the organizations are likely to undertake a few of the devOps related activities according to their understanding of it, and thereby, start believing that they have implemented it successfully – regardless of whether these activities define devOps or not. By this, we mean to say that more than being just a set of activities, devOps is a cultural change that an organization needs to make, for embracing it wholeheartedly. So, exactly what all does the devOps culture comprise of? To get there, we need to understand what motivated
Read more

Poodle – SSL Security Threat Explored

Poodle  is a breed of dog with legs that resembles cotton candies. It is intelligent and a regular staple at dog shows. Even the most friendly dogs have the propensity to bite.  Now we see all kinds of security alerts and snafus likes heartbleed and shell shock!!! The latest in addition is POODLE. All of this started when a team in Google developed and tested an attack named POODLE  (Padding Oracle On Downgraded Legacy Encryption) which uncovered vulnerability in  Secure Sockets Layer (SSL) version 3 protocol or in short SSLv3. SSLv3 is an obsolete but still used encryption in both older and new web browsers.  (It is an 18-year-old protocol which was replaced by the TLS protocol) POODLE tries to force the connection between your web browser and the server to downgrade  to SSLv3.  The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then uses this new vulnerability to decrypt sele
Read more

cPanel Updates – November 2014

Image
We have new updates from cpanel. 1) Notice: 11.40 Now EOL, 11.42 to EOL in 3 Months cPanel & WHM software version 11.40 has now reached End of Life . In accordance with our EOL policy [http://go.cpanel.net/longtermsupport], 11.40 will continue functioning on servers.  The last release of cPanel & WHM 11.40, 11.40.1.22, will remain on our mirrors indefinitely.  However, no further updates, such as security fixes and installations, will be provided for 11.40. Older releases of cPanel & WHM 11.40 will be removed from our mirrors. cPanel & WHM 11.42 is set to reach End of Life at the end of January 2015. We recommend that all customers migrate any existing installations of cPanel & WHM 11.42 to a newer version (either 11.44 or 11.46). If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at http://go.cpanel.net/blockers) , then cPanel is here to hel
Read more