Wrapping Up
Having users sign in to get access to advanced functionality isn't always enough. Access control lets you differentiate between users and enforce what they can access. In this chapter, we discussed the similarities and differences of various access control methods.
Then we moved on to discuss how access validation should always be done as close to the actual operation as possible. We also established that you should avoid direct object references to privileged objects where possible. And finally, we covered that you shouldn't just validate a user's access level but also validate access to specific objects.
We've set up our full application stack, but we're missing one vital component: functionality. In the next chapters ...