Overview of Authorization, Encoding, Encryption, and Hashing

Authorization

Once we know who the user is and who is working with our application, we must make sure that they can execute the allowed actions within their privilege. In almost all applications, not all users have the same permissions. Some are allowed to perform a certain action, while others are not.

The purpose of authorization is to make sure that each user is only executing the actions they are entitled to. Generally, roles are used to restrict user actions. However, as we will see later on, permissions for individual actions can be more appropriate than roles.

Encoding

The purpose of encoding is to transform data so that it can be correctly and safely consumed by a different type of system. For example, binary data can be sent over email, or a web browser can view special characters on a web page. The goal is not to keep information secret, but to ensure that it can be properly consumed.