Security, in general, is a pervasive issue. Every part of an application will have security considerations. Implementing security involves two closely related issues:
- Authentication: A client must provide some evidence of who they are. This might involve signed certificates or it might involve credentials like a username and password. It might involve multiple factors, such as an SMS message to a phone that the user should have access to. The web server must validate this authentication.
- Authorization: A server must define areas of authority and allocate these to groups of users. Furthermore, individual users must be defined as members of the authorization groups.
While it's technically possible to define authorization on an individual basis, this tends to become awkward as a site or application...
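The two checks described above, as an added example that is not from the original text: a password-based authentication step followed by a group-based authorization step. The group names, permission strings, sample accounts and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor, constructed for this example
# Assumed model: authorization group -> areas of authority it grants.
GROUP_AUTHORITY = {
    "readers": {"report:read"},
    "editors": {"report:read", "report:write"},
    "admins": {"user:manage"},
}

class User:
    def __init__(self, name, password, groups):
        self.name = name
        self.groups = set(groups)  # membership in authorization groups
        self.salt = os.urandom(16)  # per-user salt; the password itself is never stored
        self.digest = self._hash(password, self.salt)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

    def check_password(self, password):
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self.digest, self._hash(password, self.salt))

# Constructed sample accounts.
USERS = {u.name: u for u in (
    User("alice", "constructed-pw-1", ["editors"]),
    User("bob", "constructed-pw-2", ["readers", "admins"]),
)}
_DUMMY = User("", "unused", [])  # hashed against when the name is unknown

def authenticate(name, password):
    """Authentication: return the User whose credentials match, else None."""
    user = USERS.get(name)
    ok = (user or _DUMMY).check_password(password)  # same work for unknown names
    return user if user is not None and ok else None

def authorize(user, permission):
    """Authorization: allowed only if one of the user's groups grants the permission."""
    return any(permission in GROUP_AUTHORITY.get(g, set()) for g in user.groups)

def handle(name, password, permission):
    """Return the HTTP status a server would send for this request."""
    user = authenticate(name, password)
    if user is None:
        return 401  # not authenticated
    return 200 if authorize(user, permission) else 403  # 403: known user, no authority
```

Changing what a set of users may do means editing one entry in `GROUP_AUTHORITY`, not every user record.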