Access Control

Transport Layer Security (TLS) is critical for access control because it ensures secure communication between clients and servers. TLS provides:

• Confidentiality: Encrypts data to prevent eavesdropping (e.g., intercepting credentials).

• Integrity: Ensures data is not tampered with during transmission.

• Peer Authentication: Verifies the server’s identity via digital certificates, preventing impersonation. Without TLS, sensitive access control data (e.g., passwords, session tokens) could be exposed or altered, undermining authentication and authorization mechanisms.

HTTP Basic Authentication is a simple protocol where the client sends a username and password encoded in Base64 within the Authorization header. The client needs to send this Authorization header with each request it makes to the server.

if the client attempts to access a restricted resource whithout the right credentials. The server responds with a 401 Unauthorized status and a WWW-Authenticate: Basic header.

Note: Credentials are not encrypted (only encoded), so it must always be used over HTTPS to prevent interception.

Common flaws include:

• Weak Passwords: No enforcement of strong passwords (e.g., short, default, or dictionary-based passwords).

• Brute-Forcible Logins: Lack of limiting the amount of repeated logins that failed. Attacker can try different passwords untile one will succeed.

• Verbose Error Messages: Disclosing whether a username or password is incorrect (helps attackers to know if e.g. a email address exists).

• Insecure Transmission: Using unencrypted HTTP, allowing credential interception.

• Poor Credential Storage: Storing passwords in plaintext or weak hashes (e.g., MD5/SHA-1) -> attackers could use rainbow tables.

Role-Based Access Control (RBAC) assigns permissions to roles rather than individual users. Users are then assigned roles, which grant them specific permissions. For example:

• A "Manager" role might have permissions to delete records.

• A "User" role can only view records. This simplifies management, as changing permissions requires updating roles rather than individual users.

Key flaws include:

• Privilege Escalation:

  • Vertical: occurs when a user can perform functions that his assigned role does not permit him to (e.g., user → admin).

  • Horizontal: Accessing another user’s resources (e.g., user -> other user).

• Unprotected Functionality: Sensitive URLs (e.g., admin pages) are accessible without proper checks. Functions are protected by the assumption that an attacker will not know or discover these URL.

• Client-Side Access Control: Using client-supplied data (e.g., headers) to determine permissions (easily manipulated). The role should always be determined on the server side and not send from the client (could be easily changed). (ROLE = ADMIN -> send by client)

• Hard-Coded Policies: centralize access rules instead of hardcoding them within the source code.

• Manual Per-Endpoint Checks: No centralized access control logic, increasing audit complexity.

• Fail-Open Errors: System grants access during failures (e.g., crashes).

authenticfication:

• used to verify the identity of a user

authorization

• used to verify the permissions of a user