5.2. Foundations of Security
The essential point of security is to protect resources from unauthorized access. This requires two categories of protection: data on the network, and both data and processes on the computer itself.
Protecting an individual computer is usually addressed by the following familiar steps:
1. Determine who wants to do something (for example using a login name)
2. Determine if the person is really who they claim to be (for example using a password)
3. Determine if the person should be doing this (for example using a permission list)
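The three steps above as one access check, in an added example that is not from the book: the account names, passwords, the resource name payroll.db and the function names are all constructed for illustration. It stores salted PBKDF2 hashes instead of passwords, spends the same work on unknown login names as on known ones, and denies anything the permission list does not explicitly grant.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor (constructed value for this example)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user(password: str) -> dict:
    # Store a per-user random salt and the derived hash, never the password.
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed sample data: two accounts and one permission list.
USERS = {"alice": make_user("correct horse"), "bob": make_user("hunter2")}
PERMISSIONS = {"payroll.db": {"alice": {"read", "write"}, "bob": {"read"}}}

# Stand-in record so an unknown login name costs the same hashing work
# as a known one and cannot be told apart by response time.
_DUMMY = make_user("placeholder")

def authenticate(login: str, password: str) -> bool:
    # Step 1: who wants to do something? Look up the claimed login name.
    record = USERS.get(login)
    reference = record or _DUMMY
    # Step 2: are they who they claim to be? Verify the password in
    # constant time against the stored hash.
    candidate = hash_password(password, reference["salt"])
    matches = hmac.compare_digest(candidate, reference["hash"])
    return record is not None and matches

def authorize(login: str, resource: str, action: str) -> bool:
    # Step 3: should they be doing this? Deny unless the list grants it.
    return action in PERMISSIONS.get(resource, {}).get(login, set())

def access(login: str, password: str, resource: str, action: str) -> str:
    # An unknown name and a wrong password produce the same answer, so the
    # reply does not reveal which login names exist.
    if not authenticate(login, password):
        return "DENY: authentication failed"
    if not authorize(login, resource, action):
        return "DENY: not permitted"
    return "ALLOW"
```

A caller that proves its identity can still be refused at step 3, which is why authentication and authorization are kept as separate checks.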
Where the network is concerned, you must address another problem. Requests that are made over the network are usually subjected to a similar type of validation as was just discussed, but ...