# access-control
26 articles tagged "access-control"
MCP Authentication Gaps: Securing MCP Server Authentication
A defense-focused guide to understanding authentication weaknesses in MCP server deployments -- 38% of scanned servers lack any authentication -- and implementing robust token-based auth, mTLS, and middleware-based access control.
Cloud AI IAM Misconfigurations
Common IAM misconfigurations in cloud AI services and their exploitation for unauthorized model access.
Vector Database Access Control
Vector database access control weaknesses: API key management, tenant isolation failures, namespace security, and metadata filtering bypass techniques.
Vector DB Access Control Bypass Techniques
Techniques for bypassing vector database access controls including namespace escaping, metadata injection, and query manipulation.
Authentication & Session Attacks
Methodology for bypassing authentication, extracting API keys, manipulating session state, exploiting cross-session data leakage, and escalating privileges in LLM-powered applications.
Vector Database Security
Security hardening for vector databases including Pinecone, Weaviate, Chroma, and pgvector.
RAG Access Control Bypass
Bypass document-level access controls in enterprise RAG systems through query manipulation and context injection.
Lab: Vector Database Access Control Testing
Test vector database access controls for bypass vulnerabilities including namespace traversal and filter manipulation.
Feature Store Access Control
Access control strategies for feature stores: feature-level permissions, cross-team data leakage prevention, PII protection in features, service account management, and implementing least-privilege access for ML feature infrastructure.
Model Registry Security (LLMOps Security)
Security overview of model registries: how registries manage model lifecycle, access control models, trust boundaries, and the unique security challenges of storing and distributing opaque ML artifacts.
Capability-Based Access Control
Step-by-step walkthrough for implementing fine-grained capability controls for LLM features, covering capability token design, permission scoping, dynamic capability grants, and audit trails.
Implementing Access Control in RAG Pipelines
Walkthrough for building access control systems in RAG pipelines that enforce document-level permissions, prevent cross-user data leakage, filter retrieved context based on user authorization, and resist retrieval poisoning attacks.
Agent Tool Access Control Implementation
Implement fine-grained tool access control for LLM agents with capability-based security and approval workflows.
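Several of the entries above (the vector database access control and bypass articles, the RAG access control bypass and the RAG pipeline walkthrough) turn on the same two questions: where the scope of a retrieval filter comes from, and whether it is applied before or after ranking. The following is an added example written for this index page, not code from any of the listed articles. The in-memory vector store, the tenant/group ACL model, the documents, the embeddings and the `tenant-<id>` namespace convention are all constructed here so it runs offline; real stores such as Pinecone, Weaviate, Chroma and pgvector expose an equivalent metadata filter, and the same reasoning applies.

```python
"""Document-level access control in a RAG retrieval step.

Added example for this tag index; not code from any of the listed articles.
The in-memory vector store, the ACL model, the documents and the embeddings
are constructed here so the script runs offline.
"""
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    doc_id: str
    tenant: str                  # tenant isolation key
    allowed_groups: frozenset    # groups permitted to read this document
    text: str
    embedding: tuple


@dataclass(frozen=True)
class Principal:
    """Identity taken from the authenticated session, never from the request body."""
    user_id: str
    tenant: str
    groups: frozenset


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return 0.0 if na == 0 or nb == 0 else dot / (na * nb)


class VectorStore:
    """Toy store. The metadata filter is applied before ranking (pre-filtering),
    so top-k is computed only over documents the caller is allowed to see."""

    def __init__(self, docs):
        self.docs = list(docs)

    def search(self, query_vec, k, metadata_filter=None):
        candidates = [d for d in self.docs if metadata_filter is None or metadata_filter(d)]
        ranked = sorted(candidates, key=lambda d: cosine(query_vec, d.embedding), reverse=True)
        return ranked[:k]


# Vulnerable pattern: the tenant scope is taken from a caller-supplied field
# (e.g. a "tenant" key in the JSON body). A user of tenant "acme" can simply
# request "globex" and read that tenant's documents.
def retrieve_unsafe(store, query_vec, requested_tenant, k=3):
    return store.search(query_vec, k, lambda d: d.tenant == requested_tenant)


# Hardened pattern: scope is derived from the authenticated principal and
# combines tenant isolation with the per-document group ACL. The filter runs
# inside the store before ranking, so an unauthorized document is never
# returned to the caller, let alone placed in the LLM context.
def retrieve_safe(store, query_vec, principal, k=3):
    def authorized(d):
        return d.tenant == principal.tenant and bool(d.allowed_groups & principal.groups)
    return store.search(query_vec, k, authorized)


# Namespace names derived from identity must be validated before they are
# interpolated into a store's namespace or collection path; a strict
# allowlist rejects traversal-style values such as "acme/../globex".
NAMESPACE_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")


def namespace_for(principal):
    ns = f"tenant-{principal.tenant}"   # constructed naming convention
    if not NAMESPACE_RE.fullmatch(ns):
        raise ValueError(f"refusing unsafe namespace: {ns!r}")
    return ns


def doc_ids(results):
    return [d.doc_id for d in results]


# Constructed sample corpus: two tenants, two groups, hand-made embeddings.
STORE = VectorStore([
    Doc("d1", "acme",   frozenset({"eng"}),     "Acme engineering runbook",   (1.0, 0.0, 0.0)),
    Doc("d2", "acme",   frozenset({"finance"}), "Acme payroll export",        (0.9, 0.1, 0.0)),
    Doc("d3", "globex", frozenset({"eng"}),     "Globex engineering runbook", (0.95, 0.05, 0.0)),
])
ALICE = Principal("alice", "acme", frozenset({"eng"}))   # constructed identity
QUERY = (1.0, 0.0, 0.0)                                   # stands in for "engineering runbook"


if __name__ == "__main__":
    print("unsafe, caller picks tenant:", doc_ids(retrieve_unsafe(STORE, QUERY, "globex")))
    print("safe, principal from session:", doc_ids(retrieve_safe(STORE, QUERY, ALICE)))
    print("namespace:", namespace_for(ALICE))
```

The unsafe path returns Globex's runbook to an Acme user who merely named the other tenant in the request; the hardened path returns only `d1`, because `d2` fails the group ACL and `d3` fails tenant isolation. Filtering after retrieval (fetch top-k, then drop unauthorized hits) is not equivalent: it leaks the existence of denied documents through the shrinking result set and still depends on a filter whose inputs must come from the session.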