<h1>Access Control List Best Practices - ACL - Setting Negative Roles for Users who Attack a Site</h1>
<h2>CONTEXT</h2>
<p>I have just been reading about Zend ACL: <a href="http://framework.zend.com/manual/en/zend.acl.html" rel="nofollow noreferrer">http://framework.zend.com/manual/en/zend.acl.html</a></p>
<h2>QUESTION</h2>
<p>I'm running three Zend applications on one server.</p>
<ul>
<li>My Front End App</li>
<li>My Front End-Members App</li>
<li>My Back End App (Site Owner's Admin)</li>
</ul>
<p>Within the applications I'm considering having two types of ACL.</p>
<ul>
<li>Application Wide ACL - the "app ACL's" only permission is "access" (or maybe call it "read", or even "SendHTTPRequests")</li>
<li>Account Wide - leaving all other permissions to individual "account ACLs"</li>
</ul>
<p>I'm thinking this would make it easier to block spammers and other attackers:</p>
<pre><code>// Promote a user whose activity looks like an attack to the negative role
if ($userActivityScoresHighProbabilityOfHacking_Specification-&gt;isSatisfiedBy($user)) {
    $user-&gt;addRole('attacker');
}
</code></pre>
<p>Perhaps with rules something like this:</p>
<h2>My Front End App Access Controls</h2>
<ul>
<li>Name = Attacker</li>
<li>Unique Permissions = NONE</li>
<li>Inherit Permissions From = N/A</li>
</ul>
<hr>
<ul>
<li>Name = Guest</li>
<li>Unique Permissions = SendHTTPRequests</li>
<li>Inherit Permissions From = N/A</li>
</ul>
<hr>
<ul>
<li>Name = Member</li>
<li>Unique Permissions = SendHTTPRequests</li>
<li>Inherit Permissions From = Guest</li>
</ul>
<hr>
<ul>
<li>Name = Admin</li>
<li>Unique Permissions = (ALL Permissions)</li>
<li>Inherit Permissions From = N/A</li>
</ul>
<p>The other apps would have more stringent rules to deny access to guests, etc.</p>
<hr>
<h2>So the question to answer is:</h2>
<p>Does assigning the role of 'Attacker' (a negative role) to a user strike you as being a sensible thing to do?</p>
<p>Or is this contrary to general best practice?</p>
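<p>The following is an added example, not part of the question and not Zend_Acl itself: a small Python model of the role table above (single-parent inheritance, explicit allow/deny rules, default deny) plus two ways of combining the roles one user holds. It exists to show the practical catch with a negative role: a role with "NONE" permissions is indistinguishable from having no role at all, so if the user also keeps Member and the application accepts any role that grants the privilege, the Attacker label does nothing. The block therefore builds the ACL twice, once with Attacker as an empty role and once with an explicit deny-all, and checks both against both combination policies. The role and privilege names come from the question; <code>Acl</code>, <code>allowed_any</code>, <code>allowed_deny_overrides</code> and <code>build_front_end_acl</code> are assumed names for illustration.</p>

```python
"""
Constructed stand-in for the question's role table (NOT Zend_Acl).
Roles inherit from parents, rules are allow/deny per (role, privilege),
and an unmatched query is denied. The combination functions model what
the application does when a user holds more than one role.
"""

ALL = "*"  # wildcard privilege, like passing null as the privilege in Zend_Acl


class Acl:
    def __init__(self):
        self.parents = {}  # role -> list of parent roles
        self.rules = {}    # (role, privilege) -> True for allow, False for deny

    def add_role(self, role, parents=()):
        self.parents[role] = list(parents)

    def allow(self, role, privilege=ALL):
        self.rules[(role, privilege)] = True

    def deny(self, role, privilege=ALL):
        self.rules[(role, privilege)] = False

    def lineage(self, role):
        """The role itself first, then its ancestors breadth-first, each once."""
        order, queue = [], [role]
        while queue:
            r = queue.pop(0)
            if r not in order:
                order.append(r)
                queue.extend(self.parents.get(r, []))
        return order

    def rule_for(self, role, privilege):
        """Nearest explicit rule along the lineage; None when no rule matches."""
        for r in self.lineage(role):
            for p in (privilege, ALL):
                if (r, p) in self.rules:
                    return self.rules[(r, p)]
        return None

    def is_allowed(self, role, privilege):
        # Default deny: only an explicit allow grants access.
        return self.rule_for(role, privilege) is True


def allowed_any(acl, roles, privilege):
    """Permissive combination: the user gets the union of all grants."""
    return any(acl.is_allowed(r, privilege) for r in roles)


def allowed_deny_overrides(acl, roles, privilege):
    """An explicit deny on any of the user's roles beats every grant."""
    verdicts = [acl.rule_for(r, privilege) for r in roles]
    if False in verdicts:
        return False
    return True in verdicts


def build_front_end_acl(explicit_deny_for_attacker):
    """The 'My Front End App' table from the question (assumed helper name)."""
    acl = Acl()
    acl.add_role("guest")
    acl.add_role("member", parents=["guest"])   # Member inherits from Guest
    acl.add_role("admin")
    acl.add_role("attacker")
    acl.allow("guest", "SendHTTPRequests")      # Member gets this via inheritance
    acl.allow("admin")                          # ALL permissions
    if explicit_deny_for_attacker:
        acl.deny("attacker")                    # negative role as a real deny-all
    return acl


if __name__ == "__main__":
    priv = "SendHTTPRequests"
    for explicit in (False, True):
        acl = build_front_end_acl(explicit)
        print("attacker has explicit deny:", explicit)
        print("  attacker alone      :", acl.is_allowed("attacker", priv))
        print("  member+attacker any :", allowed_any(acl, ["member", "attacker"], priv))
        print("  member+attacker deny:", allowed_deny_overrides(acl, ["member", "attacker"], priv))
```

<p>Run as-is, the model shows that a user queried as the single role <code>attacker</code> is refused in both builds, but a user who holds Member and Attacker together is still served unless the Attacker role carries an explicit deny <em>and</em> the application lets deny override. In Zend_Acl terms that means either resolving the user to exactly one role for the query, or calling <code>deny()</code> on the attacker role rather than leaving it without rules.</p>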