No.1 Wangzhuang Rd, Haidian, Beijing, PRC
Focusing on information security for 20 years, making communication safer.
Code security protects the normal, day-to-day operations of an app, tool, or daemon. But what happens when your code is under siege? It is often essential to know not only what the user is doing but also who the user is and whether the user is allowed to do that. This is where authentication and authorization come into play.
“If you know yourself but not your enemy, for every victory gained you will also suffer a defeat.” — Sun Tzu, The Art of War

When securing software, the first thing you must do is find a way to distinguish friend from foe. This process is called authentication. In computer security, authentication verifies the identity of a user or service. Authentication usually serves one of two purposes:

Authorization is the process by which an entity such as a user or a server gets permission to perform a restricted operation. The term is also often used to refer to the right itself, as in “The soldier has authorization to enter the command bunker.”

The difference between authentication and authorization is somewhat subtle. Often, the mere fact that a user has an account means that the user is authorized to do something, in which case authentication and authorization are the same thing. However, in more complex systems, the difference becomes more obvious. Consider a computer with two users. Each user is known to the system. Therefore, both users can each log in to the computer, and it authenticates them. However, neither user is authorized to modify the other’s files, and as a result, neither user can do so.

Authentication
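The two-user scenario above, as an added example that is not part of the original page: authentication answers who the caller is (a salted PBKDF2 password check with a constant-time compare), and a separate, default-deny authorization step decides whether that verified principal may modify a given file. The account names, passwords and file paths are constructed sample data.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so stored credentials are not reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass(frozen=True)
class Account:
    name: str
    salt: bytes
    pw_hash: bytes


def make_account(name: str, password: str) -> Account:
    salt = os.urandom(16)
    return Account(name, salt, _hash_password(password, salt))


# Constructed sample data: two users known to the system, each owning one file.
ACCOUNTS = {a.name: a for a in (make_account("alice", "correct horse"),
                                make_account("bob", "battery staple"))}
FILES = {"/home/alice/notes.txt": "alice", "/home/bob/todo.txt": "bob"}


def authenticate(name: str, password: str):
    """Authentication: return the verified principal name, or None."""
    acct = ACCOUNTS.get(name)
    if acct is None:
        # Hash anyway so response time does not reveal whether the account exists.
        _hash_password(password, b"\x00" * 16)
        return None
    if hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash):
        return acct.name
    return None


def authorize(principal, action: str, path: str) -> bool:
    """Authorization: may this already-verified principal perform action on path? Default deny."""
    owner = FILES.get(path)
    if principal is None or owner is None:
        return False
    # Only the file's owner may modify it; any other action is denied here.
    return action == "modify" and principal == owner


def try_modify(name: str, password: str, path: str) -> bool:
    # Both steps are needed: a valid login alone does not grant access to another user's file.
    return authorize(authenticate(name, password), "modify", path)
```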
Three types of authentication are most common:
Authorization
There are a number of excellent books on computer security that you should consider reading. Here are just a few of them, grouped into subject areas.