Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition by Thomas Myer, Michael Southwell, Chris Snyder

Access Control for Web Applications

Authentication systems aren't the only methods at your disposal for ensuring use by legitimate users—you can also use access control systems specifically for web applications. Yes, you learned in Chapter 4 that you could use system-level access controls, but for many reasons these aren't feasible in a web application:

  1. It is impractical to use file ownership and permissions to control access to files and scripts that must all be readable by the webserver user nobody.
  2. An online application should never be allowed to create (or even expose the existence of) system-level user accounts. Besides making it difficult to scale an application across multiple servers, each additional system account is a potential agent ...