{"title":"Application Security","authors":"Joseph Dalton, Ander Hoaglund","doi":"10.4324/9781003126294-13","DOIUrl":null,"url":null,"abstract":"When the time arrives to deploy an application that needs security, it becomes apparent that adding security is much harder than just adding a password protected login screen. This paper contains a collection of patterns for application security. Six patterns are presented in this paper: 1) Secure Access Layer, 2) Single Access Point, 3) Check Point, 4) Roles, 5) Session, and 6) Limited View. Secure Access Layer provides a communication interface for developers and provides a means for applications to use the security of the systems on which they are built. Single Access Point permits entry into the application through one single point. Check Point gives the developer a way to handle different types of security breaches without being too harsh on users who are just making mistakes. Groups of users have different Roles that define what they can and can not do. The global information about the user is distributed throughout the application via a Session. Finall y, users are only presented with legal options through a Limited View. These six patterns work together to provide a security framework for building applications.","PeriodicalId":116149,"journal":{"name":"Implementing Information Security in Healthcare","volume":"102 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Implementing Information Security in Healthcare","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4324/9781003126294-13","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 3
Abstract
When the time arrives to deploy an application that needs security, it becomes apparent that adding security is much harder than just adding a password-protected login screen. This paper contains a collection of patterns for application security. Six patterns are presented in this paper: 1) Secure Access Layer, 2) Single Access Point, 3) Check Point, 4) Roles, 5) Session, and 6) Limited View. Secure Access Layer provides a communication interface for developers and provides a means for applications to use the security of the systems on which they are built. Single Access Point permits entry into the application through one single point. Check Point gives the developer a way to handle different types of security breaches without being too harsh on users who are just making mistakes. Groups of users have different Roles that define what they can and cannot do. The global information about the user is distributed throughout the application via a Session. Finally, users are only presented with legal options through a Limited View. These six patterns work together to provide a security framework for building applications.