At what level should security be implemented in a social networking web application?

I am developing a social web application in PHP / MySQL, and I would like to hear your advice on what would be the best way to ensure security. I plan something like this: at the presentation level, I restrict the user to seeing only those elements / materials that he has the right to see with the rights that he has, and at the database level, when my data is read / written or updated, I confirm that the person has the right to such interaction with this part of the data. Thus, for each action there are 2 security levels: one at the presentation level, and the other at the database level. Will the double check be an overhead?

Of course, this applies only to internal security issues.

+3
2 answers

Who knows about the current user?

If the business layer does not know who the current user is, it cannot control access. Rather, the presentation should each time ask an authorization component whether a particular user is allowed to perform a specific action. Good, if the presentation layer basically fulfils some well-defined use cases.


+2
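One way to structure the two checks the question describes so that they share a single rule, as an added example in PHP (not code from the question or the answers; the `posts` table, its columns and the class names are assumptions):

```php
<?php
// Added example, not from the original question or answers. Assumes a "posts"
// table with id, owner_id, visibility and body columns; all names are hypothetical.

final class Authorizer
{
    // The one place that answers "may $userId perform $action on $post?".
    // Both the presentation layer and the data layer call this, so the rule
    // exists once and the two checks cannot drift apart.
    public function can(int $userId, string $action, array $post): bool
    {
        return match ($action) {
            'view'   => $post['owner_id'] === $userId || $post['visibility'] === 'public',
            'edit',
            'delete' => $post['owner_id'] === $userId,
            default  => false,
        };
    }
}

final class PostRepository
{
    public function __construct(private PDO $db, private Authorizer $auth) {}

    // Data layer: the authoritative check. Even if the UI is bypassed (crafted
    // request, scripted client), an unauthorized update never reaches the DB.
    public function updateBody(int $userId, int $postId, string $body): void
    {
        $stmt = $this->db->prepare('SELECT id, owner_id, visibility FROM posts WHERE id = ?');
        $stmt->execute([$postId]);
        $post = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($post === false || !$this->auth->can($userId, 'edit', $post)) {
            throw new RuntimeException('Forbidden'); // same response for missing and forbidden
        }
        // Ownership is repeated in the WHERE clause so a change of owner between
        // the SELECT and the UPDATE cannot slip through.
        $upd = $this->db->prepare('UPDATE posts SET body = ? WHERE id = ? AND owner_id = ?');
        $upd->execute([$body, $postId, $userId]);
    }
}

// Presentation layer: the same rule decides whether to render the edit control.
// This check is for usability only; the repository check is what enforces it.
function renderPostActions(Authorizer $auth, int $userId, array $post): string
{
    $html = '';
    if ($auth->can($userId, 'edit', $post)) {
        $html .= '<a href="/posts/' . (int) $post['id'] . '/edit">Edit</a>';
    }
    return $html;
}
```

The second check costs one in-memory decision per operation, since the row has to be fetched anyway; what it buys is that hiding a control in the UI is never the only thing standing between a user and the data.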

, . (RBAC - , , .)

- . RBAC XSS/XSRF/SQLi.

0

Source: https://habr.com/ru/post/1782193/
