Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Layered Design for Ruby on Rails Applications

You're reading from   Layered Design for Ruby on Rails Applications Discover practical design patterns for maintainable web applications

Arrow left icon
Product type Paperback
Published in Aug 2023
Publisher Packt
ISBN-13 9781801813785
Length 298 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Vladimir Dementyev Vladimir Dementyev
Author Profile Icon Vladimir Dementyev
Vladimir Dementyev
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Part 1: Exploring Rails and Its Abstractions
2. Chapter 1: Rails as a Web Application Framework FREE CHAPTER 3. Chapter 2: Active Models and Records 4. Chapter 3: More Adapters, Less Implementations 5. Chapter 4: Rails Anti-Patterns? 6. Chapter 5: When Rails Abstractions Are Not Enough 7. Part 2: Extracting Layers from Models
8. Chapter 6: Data Layer Abstractions 9. Chapter 7: Handling User Input outside of Models 10. Chapter 8: Pulling Out the Representation Layer 11. Part 3: Essential Layers for Rails Applications
12. Chapter 9: Authorization Models and Layers 13. Chapter 10: Crafting the Notifications Layer 14. Chapter 11: Better Abstractions for HTML Views 15. Chapter 12: Configuration as a First-Class Application Citizen 16. Chapter 13: Cross-Layers and Off-Layers 17. Index
18. Gems and Patterns 19. Other Books You May Enjoy

Authorization, authentication, and friends

The security of a web application is a vast topic. Although (web) frameworks often offer built-in security measures to overcome some common vulnerabilities such as XSS attacks and SQL injections, various other aspects of web application security are the responsibility of engineers building on top of the framework. In this book, we focus on the latter group.

Let’s begin by differentiating between the two most popular and commonly confused concepts: authorization and authentication.

Authentication versus authorization

The meaning of life of every web application is to serve user requests (note that a user is not necessarily a human), and, in most cases, we restrict which requests are available to a particular user and which must be forbidden. The underlying decision-making process could be divided into two phases, which can be represented by the following questions:

  • Who’s there?: Or, on behalf of which domain entity...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image