Most web applications verify function-level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server each time a function is accessed. With proper access controls in place, users have access only to what they should be able to use and nothing more.
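The difference between hiding a function in the UI and checking access on the server, shown as an added example that is not part of the original course material. The route names, roles and helper functions are hypothetical, and the sample users are constructed.

```javascript
// Constructed route table: each server-side function declares which roles may call it.
const ROUTES = {
  'GET /profile':        { roles: ['user', 'admin'], handler: (u) => `profile of ${u.name}` },
  'GET /admin/users':    { roles: ['admin'],         handler: () => 'user list' },
  'POST /admin/delete':  { roles: ['admin'],         handler: () => 'user deleted' },
  'GET /internal/stats': { handler: () => 'stats' }, // no roles declared at all
};

// UI-level control: decides which links get rendered. It hides functions
// from the page but enforces nothing once a request reaches the server.
function visibleLinks(user) {
  return Object.keys(ROUTES).filter((r) => (ROUTES[r].roles || []).includes(user.role));
}

// Weak dispatcher: assumes the UI only ever offers permitted functions.
function dispatchUiOnly(user, route) {
  const entry = ROUTES[route];
  if (!entry) return { status: 404 };
  return { status: 200, body: entry.handler(user) };
}

// Hardened dispatcher: repeats the check on every call and denies by default.
// `user` is assumed to come from the server-side session, never from
// client-supplied fields such as a hidden form value or a cookie the client can edit.
function dispatchChecked(user, route) {
  const entry = ROUTES[route];
  if (!entry) return { status: 404 };
  if (!user || !user.role) return { status: 401 };   // not authenticated
  if (!Array.isArray(entry.roles) || !entry.roles.includes(user.role)) {
    return { status: 403 };                          // no explicit grant: refuse
  }
  return { status: 200, body: entry.handler(user) };
}

// Constructed sample users.
const alice = { name: 'alice', role: 'user' };
const root = { name: 'root', role: 'admin' };

// alice never sees the admin link, yet a request she sends by hand is served
// by the weak dispatcher and refused by the hardened one.
console.log(visibleLinks(alice));
console.log(dispatchUiOnly(alice, 'POST /admin/delete').status);
console.log(dispatchChecked(alice, 'POST /admin/delete').status);
console.log(dispatchChecked(root, 'GET /internal/stats').status);
```

The last call shows the deny-by-default behaviour: a function with no declared roles is refused even for an admin until someone grants access explicitly.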
Further Reading:
- OWASP Broken Access Control
- OWASP Broken Access Control - PDF
- OWASP Insecure Direct Object References
- OWASP Missing Function Level Access Control
- Implement Access Control in Node.js, by Karl Düüna
- React permissions
- Node.js Access Control Libraries