The opportunity to secure ourselves against defeat lies in our own hands, but the opportunity of defeating the enemy is provided by the enemy himself.

Sun Tzu

Chapter 9. Set Up Access Control

In the previous chapters we set up authentication and sessions. We now know who is logged in and who is not. That’s not enough; you don’t want me to be able to see your information just because I’m logged into the same application. We need to be more specific, and for that we have to set up access control.

Access control defines and enforces the relationship between users and their privileges so that only the right users can access certain things in the application. In this chapter, we start with a refresher about the main access control methodologies ...
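The point of the two paragraphs above is that authentication alone lets any logged-in user fetch any other user's data; the application still has to decide, per request, whether this user may act on this object. The following is an added example, not code from the book or its sample application: a self-contained Node.js snippet that puts an authentication-only handler (`getProfileAuthOnly`) beside a handler that consults a small policy function (`can`) combining a role-to-permission table with an ownership rule. The user and profile records, the `users`, `profiles` and `rolePermissions` names, and the `profile:read:own` / `profile:read:any` permission strings are all constructed for the example.

```javascript
'use strict';

// Added example (not from the book). Constructed in-memory data standing in
// for whatever database the application uses.
const users = {
  1: { id: 1, name: 'alice', role: 'user' },
  2: { id: 2, name: 'bob', role: 'user' },
  3: { id: 3, name: 'carol', role: 'admin' },
};
const profiles = {
  101: { id: 101, ownerId: 1, email: 'alice@example.com' },
  102: { id: 102, ownerId: 2, email: 'bob@example.com' },
};

// Role -> permissions. The ":own" suffix means the permission applies only
// to objects the user owns; ":any" applies to every object of that type.
// Permission names are an assumption of this example, not a standard.
const rolePermissions = {
  user: new Set(['profile:read:own', 'profile:update:own']),
  admin: new Set([
    'profile:read:own', 'profile:update:own',
    'profile:read:any', 'profile:update:any',
  ]),
};

class AccessDenied extends Error {
  constructor(message) {
    super(message);
    this.name = 'AccessDenied';
  }
}

// Resolve the session to a user record, or deny. Shared by both handlers.
function requireUser(session) {
  if (!session || !session.userId) throw new AccessDenied('not logged in');
  const user = users[session.userId];
  if (!user) throw new AccessDenied('unknown user');
  return user;
}

// The weak version: only checks that *someone* is logged in. Any user can
// read any profile by guessing its id (an insecure direct object reference).
function getProfileAuthOnly(session, profileId) {
  requireUser(session);
  const profile = profiles[profileId];
  return profile === undefined ? null : profile;
}

// Policy decision: may `user` perform `action` on `resource`?
// `resource` carries only what the policy needs: its type and its owner.
function can(user, action, resource) {
  const perms = rolePermissions[user.role] || new Set();
  if (perms.has(`${resource.type}:${action}:any`)) return true;
  if (perms.has(`${resource.type}:${action}:own`) && resource.ownerId === user.id) return true;
  return false;
}

// The corrected version: the same handler, with the policy check in place.
// A missing profile and a forbidden one produce the same error so the
// caller cannot enumerate which ids exist.
function getProfile(session, profileId) {
  const user = requireUser(session);
  const profile = profiles[profileId];
  if (!profile || !can(user, 'read', { type: 'profile', ownerId: profile.ownerId })) {
    throw new AccessDenied('forbidden');
  }
  return profile;
}

// Same pattern for a state-changing action.
function updateProfileEmail(session, profileId, newEmail) {
  const user = requireUser(session);
  const profile = profiles[profileId];
  if (!profile || !can(user, 'update', { type: 'profile', ownerId: profile.ownerId })) {
    throw new AccessDenied('forbidden');
  }
  profile.email = newEmail;
  return profile;
}

// Demonstration when run directly: bob (user 2) tries to read alice's profile.
if (typeof require !== 'undefined' && require.main === module) {
  console.log('auth-only:', getProfileAuthOnly({ userId: 2 }, 101)); // leaks alice's data
  try {
    getProfile({ userId: 2 }, 101);
  } catch (e) {
    console.log('with access control:', e.name, e.message);          // AccessDenied forbidden
  }
  console.log('admin:', getProfile({ userId: 3 }, 101).id);          // 101
}
```

The design choice worth copying is that `can` is the only place that knows what "owning" a profile means; the handlers pass in the resource's type and owner and never compare ids themselves, so adding a new role or permission is a table change rather than a search through every route. In a real Express application `requireUser` would read `req.session` and the denial would map to a 403 (or a 404 when you choose not to reveal existence), but the decision logic stays the same.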
