Our mORMot framework tries to implement security via:
- Process safety;
- Authentication;
- Authorization.
Process safety is implemented at every n-Tier level:
- Atomicity of the SQLite3 database core;
- RESTful architecture to avoid most synchronization issues;
- ORM coupled with the strong typing of the Object Pascal syntax;
- Extended test coverage of the framework core.
Authentication allows user identification:
- Built-in optional authentication mechanism, implementing both per-user sessions and individual REST Query Authentication;
- Authentication groups are used for proper authorization;
- Several authentication schemes, from a very secure SHA-256 based challenge to weak but simple authentication;
- Class-based architecture, allowing custom extension.
Authorization of a given process is based on the group policy, after proper authentication:
- Per-table access rights, built in at the lowest level of the framework;
- Per-method execution policy for interface-based services;
- General high-level security attributes, for SQL or Service remote execution.
We will now give general information about both authentication and authorization in the framework.
In particular, authentication is now implemented via a set of classes.