11Kas
How to control authorized access to specific data for specific users
I am building a web application that involves a login system. Once a user has logged in and is authenticated they should have the ability to access data from a database. This is however where I get a bit confused. How would I go about limiting the users' data to a specific area? For example, if user A requests data from the database about user B, how would you go about implementing a control system that could tell whether you have the right to that data or not?
I'm just speculating, maybe this is not the approach you wish you take.
