From the course: Secure Coding in Python

Permissions

It's time to talk about broken access control, which is number one in the OWASP Top 10. Now, when we look at broken access control, it's important to differentiate two similar but different ideas. One is the idea of authentication, which means who has access to something. The other is the idea of permissions. Now, permissions are what different people have access to. And if we equate these two things, we can have a situation where we grant somebody who has permissions to just read information the ability to modify that information. We could not protect certain information from certain users who can access other particular pieces of data.

Now, let's go ahead and take a look at how we can test permissions and modify our code to make it more secure. So here I am in my exercise files, and I'm going to navigate to 05_02_begin. I'm also going to open up posts. And here, I've prepared a few test files. So there's a folder called test with a file called test. So here I am in test.py. And first I have…
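The read-only-user-can-modify situation described above, as an added example in plain Python (not the course's posts module or its test.py; every name here is constructed): an update that checks only authentication beside one that also checks the caller's permission on the specific post, with `attempt` returning the outcome so the difference can be asserted in a test.

```python
from dataclasses import dataclass

# Constructed in-memory "posts" store plus two update functions (hypothetical
# names, not the course's exercise code).
class NotAuthenticated(Exception): pass
class PermissionDenied(Exception): pass

@dataclass
class User:
    name: str
    authenticated: bool = True
    roles: frozenset = frozenset()

@dataclass
class Post:
    author: str
    body: str

def make_posts():
    """Fresh store per scenario so scenarios do not share state."""
    return {1: Post("alice", "original")}

def update_post_insecure(user, posts, post_id, new_body):
    """Broken access control: any logged-in user may modify any post."""
    if not user.authenticated:
        raise NotAuthenticated(user.name)
    posts[post_id].body = new_body
    return posts[post_id]

def can_edit(user, post):
    """Permission rule: the post's author, or anyone with the editor role."""
    return user.name == post.author or "editor" in user.roles

def update_post_secure(user, posts, post_id, new_body):
    """Authenticate first, then check permission on this particular post."""
    if not user.authenticated:
        raise NotAuthenticated(user.name)
    if not can_edit(user, posts[post_id]):
        raise PermissionDenied(f"{user.name} may not edit post {post_id}")
    posts[post_id].body = new_body
    return posts[post_id]

def attempt(update, user, post_id, new_body):
    """Run one scenario on a fresh store; return (outcome, stored body)."""
    posts = make_posts()
    try:
        update(user, posts, post_id, new_body)
        return "ok", posts[post_id].body
    except NotAuthenticated:
        return "unauthenticated", posts[post_id].body
    except PermissionDenied:
        return "forbidden", posts[post_id].body
```

A permissions test then asserts on the outcome and on the stored body, so a regression that lets an authenticated but unauthorized user write is caught rather than silently passing.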