Least Privilege: Minimum Permissions for the Task

Another common security principle is that of Least Privilege: providing only the necessary permissions in each of the access systems related to a site. Going back to the bank example, imagine that we had a corporate account and that access to it was shared by multiple people. The bank would ask the account holder to specify which permissions each person should have for the account. Perhaps everyone on the account would be able to make deposits, most would be able to write checks, but only the main account holder would be able to close the account. This is a real-world application of Least Privilege: giving only the permissions necessary to do a task and no more. In the realm of the LAMP stack, one example of this relates to using Drupal to host multiple sites on the same server.

