Authentication

Question 1

The process of verifying that someone is who they say they are.

Answer 1

Authentication

Question 2

Reasons for authentication (3)

Answer 2

1. Saving client-client data
2. Customizing User Experience
3. Authorization/Usage Control

Question 3

Involves granting access to resources based on someone’s identity

Answer 3

Authorization

Question 4

Authorization can’t happen without _______________.

Answer 4

Authentication

Question 5

What do we need for authentication? (2)

Answer 5

1. Credentials (username, and password or email and password)
2. Authentication token or session id from the server

Question 6

Two kinds of auth

Answer 6

1. Token Based Auth
2. Session Based Auth

Question 7

In Token-based auth, the authenticating server gives out _______ to clients.

Answer 7

Tokens

Question 8

A token is a _____________.

Answer 8

A string of data

Question 9

Auth tokens are usually at least ________.

Answer 9

signed

Question 10

A _________ message means that its origin can be verified.

Answer 10

signed

Question 11

A __________ message means that only its intended recipient can read it.

Answer 11

encrypted

Question 12

Elaborate the process when a client is requesting a process that requires authentication using token-based auth.

Answer 12

1. Client logs in using credentials then the server authenticates it.
2. If authenticated, client receives auth token.
3. User sends the auth token to the server instead of credentials
4. Server validates the auth token.

Question 13

The authenticating server only checks the __________ of submitted tokens.

Answer 13

validity

Question 14

Elaborate the process when a client is requesting a process that requires authentication using session-based auth.

Answer 14

same lang sa token-based tbh, difference lang ay ang sinesend this time ay session reference na vinavalidate ng server.

Question 15

In session-based auth, the server keeps track of a list of active sessions. It gives logged in users a _____________ (usually in a ____________).

Answer 15

session id, cookie

Question 16

In session-based auth, heavy lifting is done on the side of the __________. While in token-based, heavy lifting is done in the ___________.

Answer 16

server, token(?) basta all session info is in the token

Question 17

Tokens and Sessions can be ________ to terminate a logged in session as needed.

Answer 17

revoked

Question 18

A small piece of data that the server sends to the user’s browser via a header in the response message

Answer 18

Cookie

Question 19

Cookies are usually used by the server to tell if ______________________.

Answer 19

2 requests came from the same browser

Question 20

3 uses for cookies

Answer 20

• session management
• personalization
• tracking

Question 21

2 types of cookies

Answer 21

• session cookies
• permanent cookies

Question 22

These cookie s have an expiry date and time set during its creation. They are automatically deleted by the browser.

Answer 22

Permanent cookies

Question 23

These cookies don’t have a specified expiry. They are deleted when the client shuts down.

Answer 23

Session cookies

Question 24

Session cookies can be restored using a browser feature called _____________.

Answer 24

session restoring

Question 25

Because of ___________, session cookies are practically permanent, in practice.

Answer 25

session restoring

Question 26

These cookies are inaccessible via JS/DOM methods. They are only stored and set directly to the server.

Answer 26

Secure/HTTPOnly Cookies

Question 27

True or False: Only Permanent cookies can have the additional property of being secure cookies.

Answer 27

False, both session and permanent

Question 28

In practice, cookies are of what size?

Answer 28

4KB

Question 29

Options for storing session data in the server: (2)

Answer 29

1. Main memory 2. Database storage

Question 30

Options for token storage on client side: (4)

Answer 30

1. Browser sessionStorage 2. Browser localStorage 3. Cookies 4. Variable in a program/main memory (if

Question 31

Forms of browser storage introduced in HTML5

Answer 31

Session storage and local storage

Question 32

Like cookies, data in local/session storage is associated with an _________.

Answer 32

origin

Question 33

Options for sending auth tokens to a server: (3)

Answer 33

1. As a cookie 2. In the Authorization header of a request 3. In the URL

Question 34

True or False: In practice, web apps commonly use a combination of both token and session-based auth.

Answer 34

True

Question 35

Without ______, a middleman can read the contents of all the messages you exchange with a server, and can steal cookies, tokens, or credentials.

Answer 35

TLS

Question 36

What are the task of the sever in authentication?

Answer 36

1. Give out tokens 2. Verify validity of tokens

Question 37

What are the task of the client in authentication?

Answer 37

1. Store auth token from server 2. Send auth token to server when necessary