The Power of Fake Perms
Let's run through a scenario to visualize the beauty of redeemable permissions.
Imagine that in our server we have not assigned permissions to any roles; the roles exist purely for visual/staff identification purposes.
Instead of a role having a permission, a permission can be granted to an individual user.
Now, at any time, the user who has been granted a permission may redeem that permission.
Once redeemed, the user will be temporarily given a role that has been given the specified permission. After the time window has closed, this role will be deleted.
Now, in the event of an account compromise in this scenario, the attacker would have to:
Know about the fake permissions in the first place
Know which permissions are granted to the user account they are on
Know how to redeem the permissions
And in the event they do grant themselves a permission, it will be temporary, and the core protections of Infinit3Guard will mitigate most possible attacks.
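The grant, redeem and expiry flow described above can be modelled as a small state machine. This is an added example, not Infinit3Guard's own code: the class and method names, the 300-second window, the sample permission names and the audit list (kept so staff can review every redemption attempt) are assumptions.

```python
import itertools
from dataclasses import dataclass, field

@dataclass
class TempRole:
    role_id: int
    user_id: int
    permission: str
    expires_at: float

@dataclass
class FakePermStore:
    window: float = 300.0                        # assumed redemption window, seconds
    grants: dict = field(default_factory=dict)   # user_id -> set of permission names
    active: dict = field(default_factory=dict)   # role_id -> TempRole
    audit: list = field(default_factory=list)    # (time, user_id, permission, outcome)
    _ids: itertools.count = field(default_factory=lambda: itertools.count(1))

    def grant(self, user_id, permission):
        """Record that a user may later redeem this permission (no role is created yet)."""
        self.grants.setdefault(user_id, set()).add(permission)

    def redeem(self, user_id, permission, now):
        """Create a temporary role only if this user was granted the permission."""
        self.sweep(now)
        if permission not in self.grants.get(user_id, set()):
            self.audit.append((now, user_id, permission, "denied"))
            return None
        role = TempRole(next(self._ids), user_id, permission, now + self.window)
        self.active[role.role_id] = role
        self.audit.append((now, user_id, permission, "redeemed"))
        return role

    def sweep(self, now):
        """Delete every temporary role whose time window has closed."""
        expired = [rid for rid, r in self.active.items() if r.expires_at <= now]
        for rid in expired:
            del self.active[rid]
        return expired

    def has_permission(self, user_id, permission, now):
        """A permission is usable only while a redeemed, unexpired role exists."""
        self.sweep(now)
        return any(r.user_id == user_id and r.permission == permission
                   for r in self.active.values())
```

A granted permission has no effect until it is redeemed, and the audit entries for denied attempts give staff a signal that an account is probing for permissions it was never granted.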