Authentication Flashcards

(39 cards)

1
Q

The process of verifying that someone is who they say they are.

A

Authentication

2
Q

Reasons for authentication (3)

A
  1. Saving client-client data
  2. Customizing User Experience
  3. Authorization/Usage Control
3
Q

Involves granting access to resources based on someone’s identity

A

Authorization

4
Q

Authorization can’t happen without _______________.

A

Authentication

5
Q

What do we need for authentication? (2)

A
  1. Credentials (username and password, or email and password)
  2. Authentication token or session id from the server
6
Q

Two kinds of auth

A
  1. Token Based Auth
  2. Session Based Auth
7
Q

In Token-based auth, the authenticating server gives out _______ to clients.

A

Tokens

8
Q

A token is a _____________.

A

A string of data

9
Q

Auth tokens are usually at least ________.

A

signed

10
Q

A _________ message means that its origin can be verified.

A

signed

11
Q

A __________ message means that only its intended recipient can read it.

A

encrypted

12
Q

In a token-based website, clients send ________ for every request that needs authentication.

A

Auth token

13
Q

Elaborate on the process when a client requests a resource that requires authentication using token-based auth.

A
  1. Client logs in using credentials then the server authenticates it.
  2. If authenticated, client receives auth token.
  3. User sends the auth token to the server instead of credentials when they ask for a webpage that needs authentication.
  4. Server validates the auth token.
  5. If validated, the requested webpage is sent to client.
14
Q

What error does the client receive when they are unauthenticated?

A

401, unauthenticated

15
Q

The authenticating server only checks the __________ of submitted tokens.

A

validity

16
Q

Elaborate on the process when a client requests a resource that requires authentication using session-based auth.

A

Honestly the same as token-based; the only difference is that what gets sent this time is a session reference, which the server validates.

17
Q

In session-based auth, the server keeps track of a list of active sessions. It gives logged in users a _____________ (usually in a ____________).

A

session id, cookie

18
Q

In session-based auth, the heavy lifting is done on the side of the __________ as the ________ keeps all the session data. While in token-based, all session info is kept in __________.

A

server, server, token

19
Q

Tokens and Sessions can be ________ to terminate a logged in session as needed.

20
Q

A small piece of data that the server sends to the user’s browser via a header in the response message

21
Q

Cookies are usually used by the server to tell if ______________________.

A

2 requests came from the same browser

22
Q

3 uses for cookies

A
  • session management
  • personalization
  • tracking
23
Q

2 types of cookies

A
  • session cookies
  • permanent cookies
24
Q

These cookies have an expiry date and time set during their creation. They are automatically deleted by the browser.

A

Permanent cookies

25
Q

These cookies don't have a specified expiry. They are deleted when the client shuts down.

A

Session cookies

26
Q

Session cookies can be restored using a browser feature called _____________.

A

session restoring

27
Q

Because of ___________, session cookies are practically permanent, in practice.

A

session restoring

28
Q

These cookies are inaccessible via JS/DOM methods. They are only stored and sent directly to the server.

A

Secure/HTTPOnly Cookies

29
Q

True or False: Only Permanent cookies can have the additional property of being secure cookies.

A

False, both session and permanent

30
Q

In practice, cookies are of what size?

A

4KB

31
Q

Options for storing session data in the server: (2)

A
  1. Main memory
  2. Database storage
32
Q

Options for token storage on client side: (4)

A
  1. Browser sessionStorage
  2. Browser localStorage
  3. Cookies
  4. Variable in a program/main memory (if
33
Q

Forms of browser storage introduced in HTML5

A

Session storage and local storage

34
Q

Like cookies, data in local/session storage is associated with an _________.

A

origin

35
Q

Options for sending auth tokens to a server: (3)

A
  1. As a cookie
  2. In the Authorization header of a request
  3. In the URL
36
Q

True or False: In practice, web apps commonly use a combination of both token and session-based auth.

A

True

37
Q

Using HTTP without ______, a middleman can read the contents of all the messages you exchange with a server, and can steal cookies, tokens, or credentials.

A

TLS

38
Q

What are the tasks of the server in authentication?

A
  1. Give out tokens
  2. Verify validity of tokens
39
Q

What are the tasks of the client in authentication?

A
  1. Store auth token from server
  2. Send auth token to server when necessary