问题
I'm looking for a book or tutorial about secure user management and privileges. I have O'Reilly's Essential PHP Security. When I'm starting a project, I'm never sure that it's secure, or if I'm doing security the right way. Because this, I'm looking for a case study.
回答1:
A very good paper on this topic has to be the Authentication Cheat Sheet. I like this paper because it covers just about everything and its to the point.
For the user access control side of things I would look at existing code such as CakePHP's Auth component or phpGACL. Looking at existing implementations is indescribable when creating your own. In general its not a good idea to re-invent the wheal, but on the other hand building a system like this is an amazing learning experience that cannot be obtained though other means.
回答2:
Try this. Video tutorials about security from google code university. Also this:
http://code.google.com/edu/submissions/daswani/index.html
http://www.cs.uiuc.edu/homes/kingst/Research_files/grier08.pdf
http://www.webappsec.org/
回答3:
Since you keep keep refering to PHP, then I can only assume you are talking about security models in general and how to implement them, rather than understanding how Unix or NT security systems work.
You could do worse than start by reading the various wikipedia articles about security models, access controls and security models
来源:https://stackoverflow.com/questions/3087483/a-book-or-tutorial-about-secure-user-management-and-privileges