Authentication Vs Authorization

If someone has the information for authentication, does that give them the right to authorise an action even if they don’t have permission?

Well, it seems that if someone knows that you have the authentication information, then if a person were to use it to authorise something, that would be an implied permission for the second party to do what they like.

This may seem like a harsh view, but if a ‘victim’ knows that there is a weakness in a system they are in charge of, then it is their negligence that leads to this authorisation. If the victim did not know, then it would not be right to say that there has been authorisation, even if someone can authenticate themselves as if they were supposed to have said information.

