Security Basics mailing list archives
Re: data level entitlements
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 28 Jun 2012 20:23:21 -0400
Hi Thugzclub,

On Thu, Jun 28, 2012 at 3:07 PM, Thugzclub <thugzclub () googlemail com> wrote:
> All,
>
> Does anybody know where I can get some info on "data level entitlements"

Jeff Six has a nice example using a client side email client in Application Security for the Android Platform (http://shop.oreilly.com/product/0636920022596.do).

Data level entitlements sometimes go by other names, such as fine grained permissions. Android exposes fine grained permissions through their UriPermission object.

You might also encounter coarse grained permissions. These permissions would allow a user to use the application and often use usernames and passwords.

As a concrete example, think of a mobile banking application (taken from my experience in financial security). The bank would give you access to your account through use of a mobile banking application. You would log on with a {username,password} pair and get a token back. The log on and token are serviced by the coarse grained system. To view your account information, the fine grained system would kick in and use the security context (available in the token from the coarse grained system) and only return records related to your account (and not information from other customers).

Jeff
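The banking flow described in the message above, as an added example that is not part of the original post: a coarse grained log on issues a signed token, and a fine grained check filters account records by the security context carried in that token. All names, users, keys and records are constructed for illustration, and the HMAC-signed token format is an assumption, not something the message specifies.

```python
import base64, hashlib, hmac, json, time

# All values below are constructed for this example.
SECRET = b"demo-signing-key"  # a real service keeps this in a key store
USERS = {  # username -> (password, customer id); real systems store salted hashes
    "alice": ("s3cret-a", "CUST-1001"),
    "bob": ("s3cret-b", "CUST-2002"),
}
ACCOUNTS = [
    {"account": "CHK-01", "customer_id": "CUST-1001", "balance": 1200},
    {"account": "SAV-01", "customer_id": "CUST-1001", "balance": 5300},
    {"account": "CHK-02", "customer_id": "CUST-2002", "balance": 80},
]

def sign(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def log_on(username, password, now=None):
    """Coarse grained: check {username,password}, return a signed token or None."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
        return None
    issued = time.time() if now is None else now
    claims = {"sub": username, "customer_id": stored[1], "exp": int(issued) + 300}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + sign(body)

def security_context(token, now=None):
    """Return the token's claims, or None if it is forged or expired."""
    body, _, mac = (token or "").partition(".")
    if not hmac.compare_digest(sign(body).encode(), mac.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    current = time.time() if now is None else now
    return claims if claims["exp"] > current else None

def view_accounts(token, customer_id=None):
    """Fine grained: return only rows owned by the customer in the verified token."""
    ctx = security_context(token)
    if ctx is None:
        raise PermissionError("invalid or expired token")
    if customer_id is not None and customer_id != ctx["customer_id"]:
        raise PermissionError("requested customer is outside the security context")
    return [row for row in ACCOUNTS if row["customer_id"] == ctx["customer_id"]]

if __name__ == "__main__":
    token = log_on("alice", "s3cret-a")
    print([row["account"] for row in view_accounts(token)])
```

The row filter uses only the customer id from the verified token, so a customer id supplied by the client can narrow or be rejected but can never widen the result set.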