认证与授权 [英] Authentication versus Authorization

问题描述

有什么在Web应用程序的区别？总之，请。

我看到缩写身份验证了许多。它代表的权威性 -entication或权威性 -orization？或者两者都是？

解决方案

  

验证是确定某人确实是他声称自己是谁的过程。

  
  

授权是指确定谁可以做什么规则。例如。亚当可以被授权创建和删除数据库，
  而乌萨马·本仅被授权读取。

这两个概念是完全正交的，独立的，但的两个的是中央的安全设计，以及未能获得任何一个正确开辟了途径妥协。

在Web应用程序，非常粗略地讲而言，认证是当您检查登录凭据，看看你是否承认登录的用户，当你在你的访问控制查查是否允许用户查看授权，编辑，删除或创建的内容。

What's the difference in web applications? In short, please.

I see the abbreviation "auth" a lot. Does it stand for auth-entication or auth-orization? Or both?

解决方案

Authentication is the process of ascertaining that somebody really is who he claims to be.

Authorization refers to rules that determine who is allowed to do what. E.g. Adam may be authorized to create and delete databases, while Usama is only authorised to read.

The two concepts are completely orthogonal and independent, but both are central to security design, and the failure to get either one correct opens up the avenue to compromise.

In terms of web apps, very crudely speaking, authentication is when you check login credentials to see if you recognize a user as logged in, and authorization is when you look up in your access control whether you allow the user to view, edit, delete or create content.

这篇关于认证与授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！