leastprivilege.com
Approaches to (Server-side) Authorization
Authorization is a difficult topic. The implementation is typically so application/developer specific, that when you ask ten people how they do it, you most likely get ten different answers. I thin…