# Security matrix

Hi all,

I need a Security Matrix in my PHP project.

The Security Matrix are Administrator, Engineer, Storeman and
Customer.
One of my peers, to make the PHP project more robust, asked me to
use a byte value as the security matrix. For example, as shown below:

| User id | Name | Security Matrix |
|---------|------|-----------------|
| 1       | A    | 15              |
| 2       | B    | 1               |
| 3       | C    | 2               |

From the table above, user A is 1111
(Administrator, Engineer, Storeman, Customer), B is 0001 (Customer) and C
is 0010 (Storeman).

My question is: how am I going to check if the user is an Administrator
or a Customer, etc.?
Is there any PHP function to check it?

Thanks

## Re: Security matrix

It's just plain and simple boolean math, although I have no idea how this is
going to make it "more robust"...

When checking if a bitfield has a certain bit set, you use a bit mask and a
bitwise operation to compare them.

15 as binary is 1111, 1 is 0001 and 2 is 0010

Now, let's say the user level of admin requires the fourth bit to be set; you
use a bit mask of 8, 1000 in binary. Now for the bitwise operation, we'll use the AND
operation for comparison:
1000 & 1111 = 1000, now since 1000 is "not null", it's true, the guy really
is an admin. Now, what if he was a storeman, say 0010. Again compare to 1000
using AND:
1000 & 0010 = 0000, it's null, the user isn't an admin.

So basically you just define the user right masks and use them to check the
user level.

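```php
<?php
// Bit masks, one bit per role.
$customer = bindec('0001'); // 1
$storeman = bindec('0010'); // 2
$engineer = bindec('0100'); // 4
$admin    = bindec('1000'); // 8

// The user's stored matrix value, e.g. 15 (1111) for user A in the question.
$matrix = 15;

// A non-zero result of the bitwise AND means that role's bit is set.
if( $matrix & $admin )
    echo("Hooray, you're an admin!");

if( $matrix & $engineer )
    echo("You're an engineer, good for you!");

if( $matrix & $storeman )
    echo("Just a storeman!");

if( $matrix & $customer )
    echo("Boo-hoo, nothing but a lowly customer!");
```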

Again, I see no connection between "robust" and this here, this is just a
way of storing multiple values to a single integer, but the reason this is
quite handy is that you can be an admin and an engineer at the same time as
"1100", but for example a normalized database would not allow multiple
values in one field, each field should be assigned one boolean field in a
database...

--
"A programmer is an organism that turns caffeine into code" - lpk
http://outolempi.net/ahdistus/ - Occasionally updated web comic
spam@outolempi.net | rot13(xvzzb@bhgbyrzcv.arg)
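
An added example, not part of the original posts: the mask check from the reply above wrapped in helpers that distinguish "any of these roles" from "all of these roles" and that fail closed on stored values that are not a valid matrix. The constant and function names (`ROLE_*`, `parseMatrix`, `hasAnyRole`, `hasAllRoles`) and the sample rows D, E and F are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical constant names; bit values follow the thread (0001 customer ... 1000 admin).
const ROLE_CUSTOMER = 0b0001;
const ROLE_STOREMAN = 0b0010;
const ROLE_ENGINEER = 0b0100;
const ROLE_ADMIN    = 0b1000;
const ROLE_ALL      = ROLE_CUSTOMER | ROLE_STOREMAN | ROLE_ENGINEER | ROLE_ADMIN;

// Normalise a stored value (database drivers often return strings).
// Fails closed: non-integers, negatives and unknown bits all become 0 (no roles).
function parseMatrix($raw): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    if ($value === false || $value < 0 || ($value & ~ROLE_ALL) !== 0) {
        return 0;
    }
    return $value;
}

// True if at least one bit of $mask is set in $matrix.
function hasAnyRole(int $matrix, int $mask): bool
{
    return ($matrix & $mask) !== 0;
}

// True only if every bit of $mask is set. Keep the parentheses:
// == and === bind tighter than &, so "$m & $mask === $mask" is a different test.
function hasAllRoles(int $matrix, int $mask): bool
{
    return ($matrix & $mask) === $mask;
}

// Constructed sample rows: A, B, C from the question, plus D (admin+engineer)
// and two invalid values that must end up with no roles.
$rows = ['A' => '15', 'B' => '1', 'C' => '2', 'D' => '12', 'E' => '99', 'F' => 'admin'];

foreach ($rows as $name => $raw) {
    $m = parseMatrix($raw);
    printf("%s raw=%-5s admin=%-5s admin+engineer=%-5s staff=%s\n",
        $name, $raw,
        var_export(hasAnyRole($m, ROLE_ADMIN), true),
        var_export(hasAllRoles($m, ROLE_ADMIN | ROLE_ENGINEER), true),
        var_export(hasAnyRole($m, ROLE_STOREMAN | ROLE_ENGINEER), true));
}

// Pitfall: when both operands are strings, & works on their bytes, not their numeric value.
var_dump('15' & '8', (int) '15' & (int) '8');
```

The final `var_dump` shows why the stored value should be converted to an integer before any mask test: two string operands are ANDed character by character, so a matrix read straight from a query result and compared against a string mask does not give the role check the thread describes.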

## Re: Security matrix

What you are describing is a Role Based Access Control (RBAC) system. Take a
look at
http://www.tonymarston.co.uk/php-mysql/role-based-access-control.html

--
Tony Marston

http://www.tonymarston.net
http://www.radicore.org