== Recommended Secure Coding Practices

At minimum, an access control system should:

* Use a well-defined access control model like https://en.wikipedia.org/wiki/Role-based_access_control[RBAC] or https://en.wikipedia.org/wiki/Access-control_list[ACL].
* Review entities' permissions regularly and remove permissions that are no longer needed.
* Respect https://en.wikipedia.org/wiki/Principle_of_least_privilege[the principle of least privilege] ("_an entity has access only to the information and resources that are necessary for its legitimate purpose_").
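
The three practices above combined in one sketch, added here as an illustration and not part of the original rule text: a deny-by-default RBAC check that records when each permission is used, so a periodic review can list grants that are candidates for removal. The role names, permission strings and the 90-day review window are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed role model (assumption, not from the page): role -> permitted actions.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "editor": {"report:read", "report:write"},
    "admin": {"report:read", "report:write", "user:manage"},
}


class AccessControl:
    """Deny-by-default RBAC that records permission use for periodic review."""

    def __init__(self, role_permissions):
        self.role_permissions = role_permissions
        self.user_roles = {}  # user -> set of role names
        self.last_used = {}   # (user, permission) -> time of last allowed use

    def assign(self, user, role):
        # Only roles defined in the model can be granted; no ad hoc permissions.
        if role not in self.role_permissions:
            raise ValueError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def granted(self, user):
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user, permission, now):
        # Least privilege: anything not explicitly granted via a role is denied.
        allowed = permission in self.granted(user)
        if allowed:
            self.last_used[(user, permission)] = now
        return allowed

    def stale_grants(self, now, max_age=timedelta(days=90)):
        """Return (user, permission) pairs granted but not used within max_age."""
        stale = []
        for user in self.user_roles:
            for perm in self.granted(user):
                used = self.last_used.get((user, perm))
                if used is None or now - used > max_age:
                    stale.append((user, perm))
        return sorted(stale)
```

A review job would call `stale_grants` on a schedule and hand the result to whoever owns the role assignments; a user whose `editor` role shows `report:write` as stale can likely be moved to `viewer`.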