LESSON 6 - COOKIES & ACCESS CONTROL Flashcards
are small pieces of data stored on the client’s browser, used to remember information between requests.
Cookies
cookies are managed using the ______ function
setcookie()
allows developers to store user preferences, session identifiers, and other data that need to persist across different pages or visits.
Cookies
an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated.
Cross-site Request Forgery Attacks
exploits a vulnerability in a web application if it cannot differentiate between a request generated by an individual user and a request generated by a user without their consent.
Cross-site Request Forgery Attacks
is a critical aspect of web application security, determining what resources a user can access and what operations they can perform.
Access Control
are typically implemented using sessions, user authentication, and role-based authorization mechanisms.
Access Control
are used to maintain user state and data across multiple pages.
Sessions
This is achieved through the ______ function, which initializes a session or resumes the current one based on a session identifier passed via a cookie or URL.
session_start()
Implementing _______ in PHP involves verifying user credentials (such as username and password) against stored data.
User Authentication
This involves defining roles (e.g., admin, editor, viewer) and assigning permissions to these roles.
Role-Based Access Control (RBAC)
PHP frameworks like
Laravel, Symfony, and CodeIgniter
are essential for maintaining state information between web pages and user sessions.
Cookies
To set a cookie in PHP, you use the ______ function. This function should be called before any output is sent to the browser, as it modifies the HTTP headers.
setcookie()
setting cookie syntax
setcookie(name, value, expire, path, domain, secure, httponly);
name: The name of the cookie.
value: The value of the cookie.
expire: The expiration time of the cookie in Unix timestamp format.
path: The path on the server where the cookie is available.
domain: The domain where the cookie is available.
secure: If true, the cookie is only sent over HTTPS.
httponly: If true, the cookie is accessible only through the HTTP protocol, not via JavaScript; this prevents client-side scripts from accessing its data.
Accessing a cookie is done through the ____ global variable in PHP. Each cookie set by the server can be retrieved by referencing its name in this array.
$_COOKIE
To delete a cookie, you set it with an expiration date in the past. This effectively removes the cookie from the client’s browser.
setcookie("user", "", time() - 3600, "/");
"this is equivalent to 1 hr"
is a method to ensure that users are who they claim to be by verifying their credentials, typically a username and password.
HTTP Authentication
PHP provides functions like password_hash() to create a secure hash of a password. This function uses strong, one-way hashing algorithms and includes built-in salting and stretching (adding computational work to slow down brute-force attacks).
Hashing
PHP provides functions like _______ to create a secure hash of a password.
password_hash()
function hashes the plaintext password using a secure one-way hashing algorithm.
password_hash()
is a constant parameter that uses the strongest algorithm currently available.
PASSWORD_DEFAULT
involves adding a random value (the salt) to a password before hashing it. This prevents attackers from using precomputed tables (rainbow tables) to crack the hashes.
Salting
PHP’s _______() function automatically generates a salt and includes it in the resulting hash.
password_hash()