Only authorized personnel should be able to modify the
product catalog!
Security is obviously a large topic, and its complexity depends a lot on the value of the
data you're protecting. While we don't have the resources to build an environment as secure
as the one a bank implements, when creating an online store we still have a great
responsibility to make sure our data and our customers' data are safe.
Our security implementation deals with these important concepts:
• Authentication: This is the process by which users are uniquely identified. The typical
way to identify users, which we'll also implement in TShirtShop, is to ask for a username
and a password.
• Authorization: This concept refers to the process of identifying the resources an authenticated
user can access and restricting his or her access accordingly. For example, you
can have administrators who can only edit product names and descriptions and administrators
who can also view customers' personal data. The administrators of our little
shop will have access to all the restricted areas, but as the site gets larger, you may want
to delegate administrative tasks to more employees for both management and security
reasons.
• Secure communication channel: Of course, all of our authentication and authorization
efforts are in vain if it's easy for a hacker to implement a man-in-the-middle attack,
which refers to the scenario where an individual listens to the traffic on a network to
intercept sensitive data.