Question

I am using Zend Framework for one of my projects and I am very new to Zend Framework. Can you please tell me the difference between Zend_Auth and Zend_Acl?

Solution

Zend Auth is used to authenticate the end user; it handles the login and session management, while Zend Acl is a different thing. You can decide the role of the logged-in user, like admin, manager, customer, etc. I prefer to see the Zend documentation for more information.

OTHER TIPS

a) To give an exam you have to carry your examination ticket with you, which has your roll number (password) on it. Without it you cannot enter the examination hall. So the examination ticket authenticates you and lets you sit in the examination hall. (Zend_Auth)

b) During the exam you do not have permission to open a book, ask friends for help or use a mobile phone, but you can use a water bottle to drink water. These are basically rules enforced upon you. (In Zend these rules are written using Zend_Acl.)

If you look at an operating system, you have a login but also security features like simple directory or file security (read/write/execute).

You have to use Zend_Auth to handle all the login activities. Note, though, that Zend_Auth doesn't allow or deny access; it merely does some management involving the login process, like session management. That's usually the same in an operating system, but under the hood you have a security setting that will grant you access to either the desktop or remote.

Security is ultimately the responsibility of "Access Control Lists". With Zend_Acl you can handle all the security for your web application in various ways.

You should distinguish authentication and authorization first. Authentication is checking whether the credentials (e.g. username and password) are valid. Authorization is checking the role of the user (e.g. admin or user). The authorization is done after the authentication. Zend_Auth is the authentication process. Zend_Acl is the authorization process.

Refer to this: http://en.wikipedia.org/wiki/AAA_protocol

Zend_Auth - checks the login and password against those stored in the DB and saves user data in the session/registry

Zend_Acl - allows some users to access some pages (e.g. the admin user can access the 'admin' controller)
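
The split the answers describe, as an added example that is not part of the original posts: Zend_Auth decides who the user is, and Zend_Acl separately decides whether that user's role may reach the 'admin' controller. It assumes Zend Framework 1 is on the include path; `ConstructedAdapter`, `canAccess`, the user table and the passwords are hypothetical, and a real application would normally use a database-backed adapter.

```php
<?php
// Added example; assumes Zend Framework 1 is on the include path.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();
// Hypothetical adapter over a constructed in-memory user table.
class ConstructedAdapter implements Zend_Auth_Adapter_Interface
{
    private $username;
    private $password;
    public function __construct($username, $password)
    {
        $this->username = $username;
        $this->password = $password;
    }
    public function authenticate()
    {
        $users = array( // constructed: username => [password hash, role]
            'alice' => array(password_hash('alice-pass', PASSWORD_DEFAULT), 'admin'),
            'bob'   => array(password_hash('bob-pass', PASSWORD_DEFAULT), 'customer'),
        );
        $row = isset($users[$this->username]) ? $users[$this->username] : null;
        if ($row === null || !password_verify($this->password, $row[0])) {
            // Same generic failure for an unknown user and a wrong password.
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE, null);
        }
        $identity = (object) array('name' => $this->username, 'role' => $row[1]);
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
    }
}

// Authorization rules. Zend_Acl denies anything not explicitly allowed.
$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('customer'), 'guest');
$acl->addRole(new Zend_Acl_Role('admin'), 'customer');
$acl->addResource(new Zend_Acl_Resource('admin'));
$acl->allow('admin', 'admin');
// Map the authenticated identity (or the lack of one) to a role, then ask the ACL.
function canAccess(Zend_Acl $acl, $resource)
{
    $auth = Zend_Auth::getInstance();
    $role = $auth->hasIdentity() ? $auth->getIdentity()->role : 'guest';
    return $acl->isAllowed($role, $resource);
}

// Non-persistent storage so the example runs on the CLI without a PHP session.
$auth = Zend_Auth::getInstance()->setStorage(new Zend_Auth_Storage_NonPersistent());
foreach (array(array('bob', 'wrong'), array('bob', 'bob-pass'), array('alice', 'alice-pass')) as $login) {
    $ok = $auth->authenticate(new ConstructedAdapter($login[0], $login[1]))->isValid();
    printf("%s: authenticated=%s admin-access=%s\n", $login[0], var_export($ok, true), var_export(canAccess($acl, 'admin'), true));
}
```

A valid login alone never grants access here: the ACL check runs on every request, and an unauthenticated visitor falls back to the 'guest' role, which has no allow rules.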

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow