E-Commerce Lab (09) Assignment Access Control @ayush - Mittal
DAC is less secure than other systems, as it gives the end-user complete control over any object they own and the programs associated with it.
When it comes to security, Discretionary Access Control gives the end-user complete control to set security level settings for other users. The permissions given to the end-user are also inherited by the programs they use, which could potentially lead to malware being executed without the end-user being aware of it.
ADVANTAGES
1. Users may transfer object ownership to another user(s).
2. Users may determine the access type of other users.
3. After several attempts, authorization failures restrict user access.
DISADVANTAGES
1. Inherent vulnerabilities (Trojan horse)
2. ACL maintenance or capability
3. Limited negative authorization power
Mandatory Access Control (MAC)
Mandatory access control (MAC) is a network-based access control where settings, policy and passwords are established and stored in one secure network and limited to system administrators.
This access control is managed from a central computer, where an administrator can grant access to, or revoke it from, any individual at any time and location. It should be noted that access control technologies are shying away from network-based systems due to limited flexibility.
Mandatory access has a set of security policies constrained to system classification, configuration,
and authentication. It defines and ensures centralized enforcement of confidential security policy
parameters.
ADVANTAGES
1. MAC is more secure as only a system administrator can control the access.
2. Reduce security errors
DISADVANTAGES
1. MAC policy decisions are based on network configuration
Role-based access control is in high demand among enterprises. This is because an administrator doesn’t have to give multiple individuals particular access; the system administrator only has to assign access to specific job titles.
ADVANTAGES
1. Centralized and comprehensive
2. Less hands-on work, and thus less overhead, for administrators
DISADVANTAGES
1. Less customizable
User-Based Access
A user-based, or authorization-based, mechanism allows you to give access explicitly to a particular
user on any host machine. The user's client passes authorization data to the server. If the data match
the server's authorization data, the user is allowed access.
Host-Based Access
A host-based mechanism is a general-purpose mechanism. This type of mechanism enables you to give access to a particular host, so that all users on that host can connect to the server. A host-based mechanism is a weaker form of access control: if the host has access to the server, all users on that host are allowed to connect to the server.
The Solaris environment provides the host-based mechanism for backward compatibility.
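The difference between the user-based and host-based mechanisms described above, as an added example that is not part of the original assignment or of any Solaris code. The Server class, host names, users and secret are hypothetical, constructed only to show why listing a host admits every user on it.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Server:
    """Toy server offering both mechanisms (illustrative model, not a real API)."""
    allowed_hosts: set = field(default_factory=set)  # host-based access list
    auth_data: bytes = b""                           # user-based authorization data

    def check(self, client_host: str, client_auth: Optional[bytes]) -> str:
        """Return the mechanism that admitted the connection, or 'denied'."""
        # User-based: the client's authorization data must match the server's.
        if self.auth_data and client_auth is not None:
            # compare_digest avoids leaking the match position through timing.
            if hmac.compare_digest(client_auth, self.auth_data):
                return "user-based"
        # Host-based: only the source host is examined, not who is on it.
        if client_host in self.allowed_hosts:
            return "host-based"
        return "denied"


def demo() -> dict:
    # Constructed sample data: hosts, users and the secret are made up.
    secret = secrets.token_bytes(16)
    user_only = Server(auth_data=secret)
    with_host = Server(allowed_hosts={"lab-pc-07"}, auth_data=secret)
    return {
        # alice holds the authorization data, so she is admitted from any host.
        "alice_remote": user_only.check("home-laptop", secret),
        # bob shares a host with alice but has no authorization data.
        "bob_user_only": user_only.check("lab-pc-07", None),
        # A wrong value is rejected as well.
        "bob_guess": user_only.check("lab-pc-07", b"\x00" * 16),
        # Once the host is listed, every user on it gets in, bob included.
        "bob_host_listed": with_host.check("lab-pc-07", None),
        # Users on other hosts without the data stay out.
        "carol_other_host": with_host.check("lab-pc-09", None),
    }


if __name__ == "__main__":
    for who, result in demo().items():
        print(f"{who:18} -> {result}")
```

In this model, removing the host from allowed_hosts is the only change needed to return bob to "denied", which is why a host entry should be treated as a grant to everyone who can log in to that machine.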