Authorization and permission framework
Are private pages and data access protected by an authorization framework? Yes / No
When protecting private data, a systematic authorization framework is used instead of ad-hoc conditions. A standardized permission check method leaves less room for human error than fragile, hand-written permission check conditions.
In the authorization framework approach:
- The same process is used in all permission checks.
- Permission checks do not need manually written conditions (ifs), which are prone to human error.
- All data is preferably private unless explicitly made public.
- The checks follow a standardized authorization pattern like an access control list or activity-based checks.
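The points above as a short sketch. This is an added example, not code from the original page. The names `is_allowed`, `requires`, `ROLE_GRANTS`, `User` and `Resource` are hypothetical, and the sample grants are constructed. Handlers declare the action they need and hold no permission conditions of their own; the decision is made in one place and denies by default.

```python
from dataclasses import dataclass, field
from functools import wraps

class Forbidden(Exception):
    """Raised by the single enforcement point when access is denied."""

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()

@dataclass
class Resource:
    owner: str
    public: bool = False                     # private unless explicitly made public
    acl: dict = field(default_factory=dict)  # access control list: user name -> actions

# Constructed sample data: role -> actions granted on any resource.
ROLE_GRANTS = {"admin": {"read", "edit", "delete"}, "auditor": {"read"}}

def is_allowed(user, action, resource):
    """The one decision function; anything not granted here is denied."""
    if resource.public and action == "read":
        return True
    if user is None:                         # anonymous visitors get nothing else
        return False
    if user.name == resource.owner:
        return True
    if action in resource.acl.get(user.name, set()):
        return True
    return any(action in ROLE_GRANTS.get(r, set()) for r in user.roles)

def requires(action):
    """Decorator that routes every handler through is_allowed() before it runs."""
    def wrap(view):
        @wraps(view)
        def guarded(user, resource, *args, **kwargs):
            if not is_allowed(user, action, resource):
                raise Forbidden(f"{action} denied")
            return view(user, resource, *args, **kwargs)
        return guarded
    return wrap

@requires("read")
def show_report(user, resource):
    return f"report owned by {resource.owner}"

@requires("edit")
def edit_report(user, resource, text):
    return f"saved: {text}"
```

A handler that lacks the `requires` decorator is the remaining gap in this sketch, so a review or test that lists undecorated handlers is a useful companion check.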