top | item 9876923


valisystem | 10 years ago

Well, actually you can look at it exactly like a kernel, where the backend is the kernel and HTTP clients are the processes, and access control is done at resource level access, by the kernel. The thing is, you couldn't even model Facebook access with Unix perms, and if you've played with ACLs, I think you realize that the problem is not solely due to basic soft architecture.

That said, Facebook should have addressed this problem seriously by now.

joosters | 10 years ago

But Facebook permissions can be modelled. They may not be direct mappings to UNIX permissions or ACLs, but that's taking my OS analogy too literally. The point is, Facebook should have a shared component that does the permission checks, rather than giving each page global access and relying on the author to do the checks themselves.
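An added example (mine, not code from this thread or from Facebook) of the shared permission component joosters is describing: every read of a post goes through one deny-by-default gate, and a "scattered check" handler is placed beside it to show what one forgotten `if` costs. The users, friend graph, posts and audience values are constructed sample data.

```python
"""Centralised, deny-by-default authorisation for a social-graph backend.

Added example; the users, friend graph and posts are constructed.
Every request is a (viewer, action, resource) triple and a single policy
function decides. Handlers never read storage directly: they go through
`Gate`, so a handler that forgets a check still fails closed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Post:
    post_id: int
    owner: str
    audience: str          # "public" | "friends" | "only_me"
    body: str


# Constructed sample graph and content.
FRIENDS = {"alice": {"bob"}, "bob": {"alice"}, "carol": set()}
POSTS = {
    1: Post(1, "alice", "public", "hello world"),
    2: Post(2, "alice", "friends", "lunch tomorrow?"),
    3: Post(3, "alice", "only_me", "draft"),
}


class Forbidden(Exception):
    pass


def can(viewer, action, post):
    """The one place the rules live. Grants only on an explicit rule."""
    if action == "read":
        if post.audience == "public":
            return True
        if viewer is None:            # anonymous: nothing beyond public
            return False
        if viewer == post.owner:
            return True
        if post.audience == "friends":
            return viewer in FRIENDS.get(post.owner, set())
        return False                  # "only_me" for anyone but the owner
    if action in ("edit", "delete"):
        return viewer is not None and viewer == post.owner
    return False                      # unknown action: never grant


class Gate:
    """The 'kernel': storage is reachable only through here."""

    def __init__(self, store, policy):
        self._store = store
        self._policy = policy
        self.audit = []               # every decision, for detection/review

    def fetch(self, viewer, action, post_id):
        post = self._store.get(post_id)
        if post is None:
            raise KeyError(post_id)
        decision = self._policy(viewer, action, post)
        self.audit.append((viewer, action, post_id, decision))
        if not decision:
            raise Forbidden(f"{viewer!r} may not {action} post {post_id}")
        return post


gate = Gate(POSTS, can)


# Handlers carry no permission logic of their own.
def view_post(viewer, post_id):
    return gate.fetch(viewer, "read", post_id).body


def visible_posts(viewer):
    """Listing endpoint built on the same gate, so it cannot drift."""
    ids = []
    for pid in sorted(POSTS):
        try:
            gate.fetch(viewer, "read", pid)
            ids.append(pid)
        except Forbidden:
            pass
    return ids


def denials():
    """Count of denied decisions in the audit trail (a cheap alerting signal)."""
    return sum(1 for _, _, _, ok in gate.audit if not ok)


# The anti-pattern the thread describes: the handler reaches storage itself
# and is trusted to remember every rule. The "friends" case is missing here,
# so a non-friend can read post 2. Kept only to contrast with view_post().
def view_post_scattered(viewer, post_id):
    post = POSTS[post_id]
    if post.audience == "only_me" and viewer != post.owner:
        raise Forbidden("only_me")
    return post.body


if __name__ == "__main__":
    print(visible_posts("bob"), visible_posts("carol"))
    print(view_post_scattered("carol", 2))    # leaks through the scattered check
```

The design choice is that `Gate.fetch` is the only path to `POSTS`, so adding a new page cannot bypass the policy by accident, and the audit list gives a single place to watch for a burst of denials rather than instrumenting every handler.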

valisystem | 10 years ago

I deeply agree for the Facebook case; I just wanted to point out that there is no known general solution for centralized resource access control for web backends that will fit all use cases properly.