Authentication

Question 1

The process of verifying that someone is who they say they are.

Answer 1

Authentication

Question 2

Reasons for authentication (3)

Answer 2

1. Saving client-client data
2. Customizing User Experience
3. Authorization/Usage Control

Question 3

Involves granting access to resources based on someone’s identity

Answer 3

Authorization

Question 4

Authorization can’t happen without _______________.

Answer 4

Authentication

Question 5

What do we need for authentication? (2)

Answer 5

1. Credentials (username, and password or email and password)
2. Authentication token or session id from the server

Question 6

Two kinds of auth

Answer 6

1. Token Based Auth
2. Session Based Auth

Question 7

In Token-based auth, the authenticating server gives out _______ to clients.

Answer 7

Tokens

Question 8

A token is a _____________.

Answer 8

A string of data

Question 9

Auth tokens are usually at least ________.

Answer 9

signed

Question 10

A _________ message means that its origin can be verified.

Answer 10

signed

Question 11

A __________ message means that only its intended recipient can read it.

Answer 11

encrypted

Question 12

In token-based website, clients send ________ for every requests that need authentication.

Answer 12

Auth token

Question 13

Elaborate the process when a client is requesting a process that requires authentication using token-based auth.

Answer 13

1. Client logs in using credentials then the server authenticates it.
2. If authenticated, client receives auth token.
3. User sends the auth token to the server instead of credentials when they ask for webpage that needs authentication
4. Server validates the auth token.
5. If validated, the requested webpage is sent to client.

Question 14

What error does client receives when they are unauthenticated?

Answer 14

401, unauthenticated

Question 15

The authenticating server only checks the __________ of submitted tokens.

Answer 15

validity

Question 16

Elaborate the process when a client is requesting a process that requires authentication using session-based auth.

Answer 16

same lang sa token-based tbh, difference lang ay ang sinesend this time ay session reference na vinavalidate ng server.

Question 17

In session-based auth, the server keeps track of a list of active sessions. It gives logged in users a _____________ (usually in a ____________).

Answer 17

session id, cookie

Question 18

In session-based auth, heavy lifting is done on the side of the __________ as the ________ keeps all the session data. While in token-based, all session info are kept in __________.

Answer 18

server, server, token

Question 19

Tokens and Sessions can be ________ to terminate a logged in session as needed.

Answer 19

revoked

Question 20

A small piece of data that the server sends to the user’s browser via a header in the response message

Answer 20

Cookie

Question 21

Cookies are usually used by the server to tell if ______________________.

Answer 21

2 requests came from the same browser

Question 22

3 uses for cookies

Answer 22

• session management
• personalization
• tracking

Question 23

2 types of cookies

Answer 23

• session cookies
• permanent cookies

Question 24

These cookie s have an expiry date and time set during its creation. They are automatically deleted by the browser.

Answer 24

Permanent cookies

Question 25

These cookies don't have a specified expiry. They are deleted when the client shuts down.

Answer 25

Session cookies

Question 26

Session cookies can be restored using a browser feature called _____________.

Answer 26

session restoring

Question 27

Because of ___________, session cookies are practically permanent, in practice.

Answer 27

session restoring

Question 28

These cookies are inaccessible via JS/DOM methods. They are only stored and set directly to the server.

Answer 28

Secure/HTTPOnly Cookies

Question 29

True or False: Only Permanent cookies can have the additional property of being secure cookies.

Answer 29

False, both session and permanent

Question 30

In practice, cookies are of what size?

Answer 30

4KB

Question 31

Options for storing session data in the server: (2)

Answer 31

1. Main memory 2. Database storage

Question 32

Options for token storage on client side: (4)

Answer 32

1. Browser sessionStorage 2. Browser localStorage 3. Cookies 4. Variable in a program/main memory (if

Question 33

Forms of browser storage introduced in HTML5

Answer 33

Session storage and local storage

Question 34

Like cookies, data in local/session storage is associated with an _________.

Answer 34

origin

Question 35

Options for sending auth tokens to a server: (3)

Answer 35

1. As a cookie 2. In the Authorization header of a request 3. In the URL

Question 36

True or False: In practice, web apps commonly use a combination of both token and session-based auth.

Answer 36

True

Question 37

Using HTTP without ______, a middleman can read the contents of all the messages you exchange with a server, and can steal cookies, tokens, or credentials.

Answer 37

TLS

Question 38

What are the task of the sever in authentication?

Answer 38

1. Give out tokens 2. Verify validity of tokens

Question 39

What are the task of the client in authentication?

Answer 39

1. Store auth token from server 2. Send auth token to server when necessary