{"id":13684,"date":"2024-02-14T08:54:30","date_gmt":"2024-02-14T01:54:30","guid":{"rendered":"https:\/\/bap-software.net\/?post_type=knowledge&#038;p=13684"},"modified":"2024-05-30T14:19:00","modified_gmt":"2024-05-30T07:19:00","slug":"authentication-vs-authorization-in-software-development","status":"publish","type":"knowledge","link":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/","title":{"rendered":"Everything about Authentication vs Authorization in software development"},"content":{"rendered":"<p>Today, <a href=\"https:\/\/bap-software.net\/vi\/project\/app\/\">software development<\/a> is becoming increasingly complex and faces many information security threats. In response to that trend, Authentication and Authorization mechanisms were created to address this problem and improve software security.<\/p>\n<h2><b>1. What is Authentication? Some common Authentication methods<\/b><\/h2>\n<div id=\"attachment_13694\" style=\"width: 1264px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13694\" class=\"wp-image-13694 size-full\" src=\"https:\/\/cdn.bap-software.net\/2024\/02\/06163355\/Authentication1.jpg\" alt=\"What is authentication?\" width=\"1254\" height=\"836\" \/><p id=\"caption-attachment-13694\" class=\"wp-caption-text\">Authentication is a form of information verification that increases an application's level of security. Source: globalsign.com<\/p><\/div>\n<h3><b>1.1. Concept<\/b><\/h3>\n<p>Authentication is the process of verifying a user's information and password to confirm their identity, and at the same time verifying whether the user has the right to access certain data.<\/p>\n<h3><b>1.2. Classification<\/b><\/h3>\n<p>Authentication has 2 types: HTTP Basic Authentication and Multi-factor Authentication.<\/p>\n<p><b>&#8211; HTTP Basic Authentication<\/b><\/p>\n<p>HTTP Basic Authentication is a form of authentication intended to improve security for applications over the HTTP protocol. It requires the user to provide a username and password when using the software. 
The server collects the user's information from the browser in order to secure the data.<\/p>\n<p><b>&#8211; Multi-factor Authentication (MFA)<\/b><\/p>\n<p>Multi-factor Authentication is a security system that requires multiple verification steps, covering login or other kinds of transactions.<\/p>\n<p>Multi-factor Authentication typically combines factors such as a password, a security token and biometric verification.<\/p>\n<p>Combining multiple factors creates a solid layer of security for the application and prevents intrusion by hackers.<\/p>\n<h3><b>1.3. Some common Authentication methods<\/b><\/h3>\n<p><b>&#8211; Password<\/b><\/p>\n<p>Password is the simplest Authentication method and the easiest to deploy. The user is asked to enter a password, and the system then stores it as a one-way hash, ensuring that the password cannot be recovered even if it is hacked.<\/p>\n<p><b>&#8211; Public-key cryptography<\/b><\/p>\n<p>Public-key cryptography is an authentication method based on an encryption algorithm that uses a public key and a private key. 
To access system resources, the user needs a private key on their machine and can log in to the application without having to remember login credentials.<\/p>\n<p><b>&#8211; Biometrics<\/b><\/p>\n<p>Biometrics is an authentication method based on fingerprints, faces and other human biological traits. It is usually combined with an ID and password in case the user forgets them.<\/p>\n<h2><b>2. Mechanisms for persisting user login<\/b><\/h2>\n<p>There are 3 basic mechanisms for persisting user login: Basic Authentication, Session-based Authentication and Token-based Authentication.<\/p>\n<h3><b>2.1. Basic Authentication<\/b><\/h3>\n<div id=\"attachment_13695\" style=\"width: 1210px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13695\" class=\"wp-image-13695 size-full\" src=\"https:\/\/cdn.bap-software.net\/2024\/02\/06163359\/Authentication2-e1707187033697.jpg\" alt=\"Basic Authentication\" width=\"1200\" height=\"510\" \/><p id=\"caption-attachment-13695\" class=\"wp-caption-text\">Basic Auth is the most common and simplest mechanism for persisting user login. 
Source: wallarm.com<\/p><\/div>\n<p>Basic Authentication is the simplest authentication mechanism for web applications and is easily integrated automatically by many servers.<\/p>\n<p><b>Advantages:<\/b><\/p>\n<ul>\n<li>Simple, and compatible with most browsers and servers.<\/li>\n<li>Easy to combine with other methods such as cookies, sessions and tokens.<\/li>\n<\/ul>\n<p><b>Disadvantages:<\/b><\/p>\n<ul>\n<li>The password and username are easily exposed because every request must transmit the username and password.<\/li>\n<li>Login information must be stored automatically in the browser, so the user cannot log out.<\/li>\n<li>The interface is not user-friendly, which makes for an extremely dull user experience.<\/li>\n<\/ul>\n<h3><b>2.2. Session-based Authentication<\/b><\/h3>\n<div id=\"attachment_13696\" style=\"width: 811px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13696\" class=\"wp-image-13696 size-full\" src=\"https:\/\/cdn.bap-software.net\/2024\/02\/06163405\/Authentication3.png\" alt=\"Session-based Authentication\" width=\"801\" height=\"446\" \/><p id=\"caption-attachment-13696\" class=\"wp-caption-text\">Session-based Authentication uses cookies as the place to store user information. 
Source: dienmaycholon.vn<\/p><\/div>\n<p>Session-based Authentication is a mechanism that verifies identity based on the user's session on the server. After successful authentication, the server stores the user's password and username.<\/p>\n<p>On the server, the storage location is a database or file; on the client, it is cookie storage or the website URL.<\/p>\n<p><b>Advantages:<\/b><\/p>\n<p><b>&#8211; Information is kept private:<\/b><\/p>\n<p>The client knows only the session ID and no other user information during transmission.<\/p>\n<p><b>&#8211; Small transfer size:<\/b><\/p>\n<p>The session ID carries no user information; it is just a special string of about 20-50 characters, so each request is small and easier to transmit.<\/p>\n<p><b>&#8211; No impact on the client:<\/b><\/p>\n<p>Using Session-based Authentication to persist user login only requires changes on the server side. 
The browser handles almost nothing extra and responds automatically.<\/p>\n<p><b>Disadvantages:<\/b><\/p>\n<p><b>&#8211; Consumes a lot of memory:<\/b><\/p>\n<p>For each user request, the client creates a new session and stores it in memory. A growing number of sessions will overload the application's memory.<\/p>\n<p><b>&#8211; Difficulty scaling:<\/b><\/p>\n<p>Because session data is stored on the server, scaling the application becomes difficult.<\/p>\n<p><b>&#8211; Domain-dependent:<\/b><\/p>\n<p>In some cases verification goes through cookies, and cookies are tied to a domain, so the user's login is tied to the domain as well.<\/p>\n<p><b>&#8211; Vulnerable to attack:<\/b><\/p>\n<p>Session IDs are usually stored in cookies, and cookies are easily attacked by hackers, which makes the application more vulnerable to attack as well.<\/p>\n<h3><b>2.3. Token-based Authentication<\/b><\/h3>\n<div id=\"attachment_13697\" style=\"width: 1010px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13697\" class=\"wp-image-13697 size-full\" src=\"https:\/\/cdn.bap-software.net\/2024\/02\/06163409\/Authentication4.jpg\" alt=\"Token-based Authentication\" width=\"1000\" height=\"562\" \/><p id=\"caption-attachment-13697\" class=\"wp-caption-text\">Token-based Authentication is a mechanism for storing user information that suits many types of client. Source: hackernoon.com<\/p><\/div>\n<p>Token-based Authentication is a mechanism that verifies identity using a string carrying user information, which is generated by the server and stored on the client.<\/p>\n<p><b>Advantages:<\/b><\/p>\n<p><b>&#8211; Stateless:<\/b><\/p>\n<p>Tokens are self-contained, so the server does not need to store any information. 
This allows the application to scale horizontally (horizontal scalability) without needing to know where the token originated.<\/p>\n<p><b>&#8211; Suitable for many types of client:<\/b><\/p>\n<p>Tokens can easily be stored and transmitted on many types of client, including web browsers, mobile applications and IoT devices.<\/p>\n<p><b>&#8211; Not restricted by domain:<\/b><\/p>\n<p>Using tokens makes it easier for third parties to operate and does not depend on the domain the way cookie-based mechanisms do.<\/p>\n<p><b>Disadvantages:<\/b><\/p>\n<p><b>&#8211; Logout is hard to manage:<\/b><\/p>\n<p>Because the server stores no information about the user's token or session, logout is hard to control.<\/p>\n<p><b>&#8211; Information is easily exposed:<\/b><\/p>\n<p>Information about the user's login session is contained in the token and stored on the client side, so there is a risk of it being exposed during transmission.<\/p>\n<h2><b>3. What is Authorization? Some Authorization methods<\/b><\/h2>\n<div id=\"attachment_13698\" style=\"width: 1273px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13698\" class=\"wp-image-13698 \" src=\"https:\/\/cdn.bap-software.net\/2024\/02\/06163413\/Authentication5-e1708480549831.jpg\" alt=\"What is Authorization?\" width=\"1263\" height=\"584\" \/><p id=\"caption-attachment-13698\" class=\"wp-caption-text\">Authorization is the process of verifying the level of access to application data and takes place after identity verification. 
Source: cybermeteoroid.com<\/p><\/div>\n<h3><b>3.1. Concept<\/b><\/h3>\n<p>Authorization is the process of determining a user's access rights to data in the application. It takes place after identity verification and determines the level of permission to use files, databases, sub-applications or other resources.<\/p>\n<p>The purpose of Authorization is to let users exercise the permissions they have been granted and access protected resources, and to prevent attacks by unauthorized users.<\/p>\n<h3><b>3.2. Some Authorization methods:<\/b><\/h3>\n<p><b>&#8211; API keys<\/b><\/p>\n<p>An API key is a form of authorization, usually tied to a specific application, used to identify who is using the API key. 
The API consists of a public key and a private key, which support communication between the server and the user.<\/p>\n<p><b>&#8211; Basic authentication<\/b><\/p>\n<p>Basic authentication is a form of authorization in which the user supplies a username and password in the header over HTTPS. Implementing HTTP basic authentication is the simplest way to control access to application resources.<\/p>\n<p><b>&#8211; HMAC<\/b><\/p>\n<p>HMAC is an authorization process based on a message authentication code produced through a digital signature algorithm. 
HMAC ensures that only the sender and the receiver have access to the secret key needed to use resources in the application.<\/p>\n<p><b>&#8211; OAuth<\/b><\/p>\n<p>OAuth is a form of Authorization that lets Internet users access application information without providing a password.<\/p>\n<p>OAuth is used by many large corporations such as Amazon, Google, Facebook and Microsoft, helping users share information about their accounts with third-party applications.<\/p>\n<h2><b>4. Distinguishing Authentication and Authorization<\/b><\/h2>\n<div id=\"attachment_13699\" style=\"width: 880px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-13699\" class=\"wp-image-13699 size-full\" src=\"https:\/\/cdn.bap-software.net\/2024\/02\/06163418\/Authentication6.jpg\" alt=\"Distinguishing Authentication and Authorization\" width=\"870\" height=\"400\" \/><p id=\"caption-attachment-13699\" class=\"wp-caption-text\">Authentication and Authorization are two completely different verification processes. Source: ssl2buy.com<\/p><\/div>\n<p>Authentication and Authorization are two terms that are very easy to confuse. 
However, they are two completely different concepts, with differences such as:<\/p>\n<table style=\"width: 97.2069%; height: 200px;\">\n<tbody>\n<tr style=\"height: 36px;\">\n<td style=\"width: 50.3095%; text-align: center; height: 36px;\"><b>Authentication<\/b><\/td>\n<td style=\"width: 64.6893%; text-align: center; height: 36px;\"><b>Authorization<\/b><\/td>\n<\/tr>\n<tr style=\"height: 36px;\">\n<td style=\"width: 50.3095%; height: 36px;\"><span style=\"font-weight: 400;\">Authentication is the first step of Authorization.<\/span><\/td>\n<td style=\"width: 64.6893%; height: 36px;\"><span style=\"font-weight: 400;\">Authorization is the step that follows successful Authentication.<\/span><\/td>\n<\/tr>\n<tr style=\"height: 43px;\">\n<td style=\"width: 50.3095%; height: 43px;\"><span style=\"font-weight: 400;\">Authentication establishes identity in order to grant login to the application.<\/span><\/td>\n<td style=\"width: 64.6893%; height: 43px;\"><span style=\"font-weight: 400;\">Authorization determines access rights to the resources in the application.<\/span><\/td>\n<\/tr>\n<tr style=\"height: 43px;\">\n<td style=\"width: 50.3095%; height: 43px;\"><span style=\"font-weight: 400;\">Usually requires a username and password<\/span><\/td>\n<td style=\"width: 64.6893%; height: 43px;\"><span style=\"font-weight: 400;\">Requires different verification factors depending on the security level<\/span><\/td>\n<\/tr>\n<tr style=\"height: 42px;\">\n<td style=\"width: 50.3095%; height: 42px;\"><span style=\"font-weight: 400;\">Authentication is visible and the user can partly change it<\/span><\/td>\n<td style=\"width: 64.6893%; height: 42px;\"><span style=\"font-weight: 400;\">Authorization is not visible and cannot be changed<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2><b>Conclusion<\/b><\/h2>\n<p>Authentication and Authorization are two important aspects of software security. Authentication verifies the user's identity, while Authorization controls access rights. Combining the two flexibly helps businesses ensure the integrity and safety of their systems, creating a trustworthy <a href=\"https:\/\/bap-software.net\/vi\/knowledge\/what-is-software-development\/\">software development<\/a> environment.<\/p>\n<p>BAP Software is currently one of the reputable IT services companies, providing high-quality technology products to users, especially software services. If you need support or advice, <a href=\"https:\/\/bap-software.net\/vi\/contact\/\">contact BAP Software now<\/a>! 
We are always ready to support you around the clock (24\/24).<\/p>","protected":false},"author":25,"featured_media":13696,"template":"","meta":{"_acf_changed":false},"tags":[],"blog-cat":[2058],"class_list":["post-13684","knowledge","type-knowledge","status-publish","has-post-thumbnail","hentry","blog-cat-technology"],"acf":[],"yoast_head_json":{"title":"Everything about Authentication and Authorization in software development","description":"Authentication and Authorization are two important aspects of software security. 
Authentication x\u00e1c minh danh t\u00ednh ng\u01b0\u1eddi d\u00f9ng, trong khi...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/","og_locale":"vi_VN","og_type":"article","og_title":"T\u1ea5t t\u1ea7n t\u1eadt v\u1ec1 Authentication vs Authorization trong ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m","og_description":"Authentication va\u0300 Authorization l\u00e0 hai kh\u00eda c\u1ea1nh quan tr\u1ecdng trong b\u1ea3o m\u1eadt ph\u1ea7n m\u1ec1m. Authentication x\u00e1c minh danh t\u00ednh ng\u01b0\u1eddi d\u00f9ng, trong khi...","og_url":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/","og_site_name":"C\u00f4ng Ty C\u1ed5 Ph\u1ea7n \u0110\u1ea7u T\u01b0 V\u00e0 C\u00f4ng Ngh\u1ec7 BAP","article_publisher":"https:\/\/www.facebook.com\/bap32","article_modified_time":"2024-05-30T07:19:00+00:00","og_image":[{"width":801,"height":446,"url":"https:\/\/cdn.bap-software.net\/2024\/02\/06163405\/Authentication3.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@bapsoftware","twitter_misc":{"\u01af\u1edbc t\u00ednh th\u1eddi gian \u0111\u1ecdc":"22 ph\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/","url":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/","name":"T\u1ea5t t\u1ea7n t\u1eadt v\u1ec1 Authentication va\u0300 Authorization trong ph\u00e1t tri\u1ec3n ph\u1ea7n 
m\u1ec1m","isPartOf":{"@id":"https:\/\/bap-software.net\/vi\/#website"},"primaryImageOfPage":{"@id":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/#primaryimage"},"image":{"@id":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn.bap-software.net\/2024\/02\/06163405\/Authentication3.png","datePublished":"2024-02-14T01:54:30+00:00","dateModified":"2024-05-30T07:19:00+00:00","description":"Authentication va\u0300 Authorization l\u00e0 hai kh\u00eda c\u1ea1nh quan tr\u1ecdng trong b\u1ea3o m\u1eadt ph\u1ea7n m\u1ec1m. Authentication x\u00e1c minh danh t\u00ednh ng\u01b0\u1eddi d\u00f9ng, trong khi...","breadcrumb":{"@id":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/#breadcrumb"},"inLanguage":"vi","potentialAction":[{"@type":"ReadAction","target":[["https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/"]]}]},{"@type":"ImageObject","inLanguage":"vi","@id":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/#primaryimage","url":"https:\/\/cdn.bap-software.net\/2024\/02\/06163405\/Authentication3.png","contentUrl":"https:\/\/cdn.bap-software.net\/2024\/02\/06163405\/Authentication3.png","width":801,"height":446,"caption":"Session-based Authentication"},{"@type":"BreadcrumbList","@id":"https:\/\/bap-software.net\/vi\/knowledge\/authentication-vs-authorization-in-software-development\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bap-software.net\/vi\/"},{"@type":"ListItem","position":2,"name":"Knowledge","item":"https:\/\/bap-software.net\/vi\/knowledge\/"},{"@type":"ListItem","position":3,"name":"T\u1ea5t t\u1ea7n t\u1eadt v\u1ec1 Authentication vs Authorization trong ph\u00e1t tri\u1ec3n ph\u1ea7n 
m\u1ec1m"}]},{"@type":"WebSite","@id":"https:\/\/bap-software.net\/vi\/#website","url":"https:\/\/bap-software.net\/vi\/","name":"C\u00f4ng Ty C\u1ed5 Ph\u1ea7n \u0110\u1ea7u T\u01b0 V\u00e0 C\u00f4ng Ngh\u1ec7 BAP","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bap-software.net\/vi\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"vi"}]}},"_links":{"self":[{"href":"https:\/\/bap-software.net\/vi\/wp-json\/wp\/v2\/knowledge\/13684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bap-software.net\/vi\/wp-json\/wp\/v2\/knowledge"}],"about":[{"href":"https:\/\/bap-software.net\/vi\/wp-json\/wp\/v2\/types\/knowledge"}],"author":[{"embeddable":true,"href":"https:\/\/bap-software.net\/vi\/wp-json\/wp\/v2\/users\/25"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bap-software.net\/vi\/wp-json\/wp\/v2\/media\/13696"}],"wp:attachment":[{"href":"https:\/\/bap-software.net\/vi\/wp-json\/wp\/v2\/media?parent=13684"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bap-software.net\/vi\/wp-json\/wp\/v2\/tags?post=13684"},{"taxonomy":"blog-cat","embeddable":true,"href":"https:\/\/bap-software.net\/vi\/wp-json\/wp\/v2\/blog-cat?post=13684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}