Security

BackBee CMS' Security component ensures strict control of access to content and to available functions. It has two steps:
 
•     Identification: The component verifies the identity of the user (visitor, contributor, webservice client, etc.). Secure 
  areas can be created by installing firewalls. 
•     Authorization: The component assigns access privileges (read-only, writing, etc.) to identified users.
 
Privileges are assigned according to an access control list (ACL), which can be configured by area.
 
Identification can be verified in several ways and is extensible:
 
•     Forms: supported by the application
•     Basic access: transmission of connection information in the headers
•     HTTP digest: encrypted transmission of connection information
•     X.509 certificate
•     WSSE, etc.
 
Checking connection information can then be performed through a number of methods, which are combinable and extensible:
 
•     By file
•     In memory
•     By database
•     By LDAP connection, etc.
 
Authorization is established through an access control list (ACL). A list of permissions is associated with a list of resources. In BackBuilder5, assigning permissions is accomplished by associating hierarchical roles, and resources can be of several kinds:
 
    URL segment (a system of rights according to the sitemap)
    Object (Page, Content, etc.)
    Method
 
The hierarchy of roles is organized cumulatively. For example:
 
•     USER: read
    MEMBER: USER, comment
    MODERATOR: USER valid_post
    ADMIN: MODERATOR, create, edit, delete
 

NEXT >

Copyright © 2016 Lp digital. All rights reserved.