From ad5352e519ce00e5ffecd9a24f37896d6f7217d6 Mon Sep 17 00:00:00 2001 From: mk-pmb Date: Sat, 10 Jun 2017 14:34:04 +0200 Subject: [PATCH] Auth: Remind that some data _about_ users shouldn't be _theirs_. --- .../authentication-and-authorization/index.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/articles/authentication-and-authorization/index.md b/articles/authentication-and-authorization/index.md index 2a15cb9..939c6d9 100644 --- a/articles/authentication-and-authorization/index.md +++ b/articles/authentication-and-authorization/index.md @@ -1,4 +1,5 @@ --- +--- layout: post title: Authentication and Authorization prev: @@ -44,6 +45,20 @@ your development time up with unreasonable security constraints. If a user tries in the process destroys their own user account data, that's not a problem. It's only when actions might affect, compromise, or destroy the data of other users that you need to worry. +That said, think twice about who should own which data. +In lots of websites there's data **about** a user that affects how the +site owners, their servers and their customer service agents will act: + +* Email addresses. +* Payment history. +* Premium subscription level and expiration date. +* Confirmed orders' shipping addresses. +* You can probably think of more. + +So even though this data is **about** a user, it shouldn't be considered +**theirs** in authorization context. + + ### Temporary Revocable Access Credentials Unless you are building an offline-only application designed to store data only in the local browser,
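Review bot: The extra `+---` at the top of the first hunk (`@@ -1,4 +1,5 @@`) looks accidental and is unrelated to the subject line. With two consecutive `---` lines the front matter block opens and closes immediately as empty, so `layout: post`, `title: Authentication and Authorization` and `prev:` would fall outside it. Please drop that line so the patch touches only the article body.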
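Review bot: The closing sentence of the second hunk (`@@ -44,6 +45,20 @@`) says this data "shouldn't be considered **theirs** in authorization context" but stops before telling the reader what follows from that. The context just above it says that a user destroying their own account data is "not a problem", so the new text should state the consequence directly: changes to fields like subscription level, payment history or a confirmed order's shipping address need a server-side authorization check even when the request comes from the user the data is about. Smaller points in the same hunk: "in authorization context" is missing an article, "In lots of websites" reads better as "On many websites", the bullet "You can probably think of more." is not an item of the same kind as the others and fits better as a sentence after the list, and the two empty `+` lines before the `### Temporary Revocable Access Credentials` heading can be reduced to one.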