LESSON 6 - COOKIES & ACCESS CONTROL Flashcards

1
Q

are small pieces of data stored on the client’s browser, used to remember information between requests.

A

Cookies

2
Q

cookies are managed using the ______ function

A

setcookie()

3
Q

allows developers to store user preferences, session identifiers, and other data that need to persist across different pages or visits.

A

Cookies

4
Q

an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated.

A

Cross-site Request Forgery Attacks

5
Q

exploits a vulnerability in a web application if it cannot differentiate between a request generated by an individual user and a request generated by a user without their consent

A

Cross-site Request Forgery Attacks

6
Q

is a critical aspect of web application security, determining what resources a user can access and what operations they can perform.

A

Access Control

7
Q

are typically implemented using sessions, user authentication, and role-based authorization mechanisms.

A

Access Control

8
Q

are used to maintain user state and data across multiple pages.

A

Sessions

9
Q

This is achieved through the ______ function, which initializes a session or resumes the current one based on a session identifier passed via a cookie or URL.

A

session_start()

10
Q

Implementing _______ in PHP involves verifying user credentials (such as username and password) against stored data.

A

User Authentication

11
Q

This involves defining roles (e.g., admin, editor, viewer) and assigning permissions to these roles.

A

Role-Based Access Control (RBAC)

12
Q

PHP frameworks like

A

Laravel, Symfony, and CodeIgniter

13
Q

are essential for maintaining state information between web pages and user sessions.

A

Cookies

14
Q

To set a cookie in PHP, you use the ______ function. This function should be called before any output is sent to the browser, as it modifies the HTTP headers.

A

setcookie()

15
Q

setting cookie syntax

A
setcookie(name, value, expire, path, domain, secure, httponly);

name: The name of the cookie.
value: The value of the cookie.
expire: The expiration time of the cookie in Unix timestamp format.
path: The path on the server where the cookie is available.
domain: The domain where the cookie is available.
secure: If true, the cookie is only sent over HTTPS.
httponly: If true, the cookie is accessible only through the HTTP protocol, not via JavaScript; this prevents client-side scripts from accessing the cookie data.

16
Q

Accessing a cookie is done through the ____ global variable in PHP. Each cookie set by the server can be retrieved by referencing its name in this array.

17
Q

To delete a cookie, you set it with an expiration date in the past. This effectively removes the cookie from the client’s browser.

A

setcookie("user", "", time() - 3600, "/");
(time() - 3600 is one hour in the past, i.e. 3600 seconds is equivalent to 1 hr)

18
Q

is a method to ensure that users are who they claim to be by verifying their credentials, typically a username and password.

A

HTTP Authentication

19
Q

PHP provides functions like password_hash() to create a secure hash of a password. This function uses strong, one-way hashing algorithms and includes built-in salting and stretching (adding computational work to slow down brute-force attacks).

20
Q

PHP provides functions like _______ to create a secure hash of a password.

A

password_hash()

21
Q

function hashes the plaintext password using a secure one-way hashing algorithm.

A

password_hash()

22
Q

is a constant parameter that uses the strongest algorithm currently available.

A

PASSWORD_DEFAULT

23
Q

involves adding a random value (the salt) to a password before hashing it. This prevents attackers from using precomputed tables (rainbow tables) to crack the hashes.

24
Q

PHP’s _______() function automatically generates a salt and includes it in the resulting hash.

A

password_hash()

25
Q

When a user attempts to log in, the stored hash must be compared to the hash of the provided password. This is done using the _______ function.

A

password_verify()

26
Q

in PHP are used to store and manage user data across multiple pages, providing a way to maintain state information between HTTP requests. This is essential for creating a seamless user experience in web applications.

A

Sessions

27
Q

To start a session in PHP, you use the _______ function. This function initializes a new session or resumes an existing one. It must be called at the beginning of your script before any output is sent to the browser.

A

session_start()

28
Q

______ are used to store information to be used across multiple pages. These are used to let the web server know “who you are and what you do”.

A

Session variables

29
Q

destroys all of the data associated with the current session; it destroys the whole session rather than destroying the variables

A

Session Destroy: session_destroy()

30
Q

deletes only the variables from the session; the session itself still exists.

A

Session Unset: session_unset()

31
Q

is crucial to prevent attacks like session hijacking and fixation. Some key practices include regenerating session IDs, using secure cookies, and validating session data.

A

Session Security

32
Q

the malicious act of taking control of a user’s web session

A

Session Hijacking

33
Q

an attack where an attacker gets the user to log in to an application using a specific session ID. When the user logs in to a web application using that ID, the attacker knows the victim’s valid session ID and can use it to access the user’s account.

A

Session Fixation

34
Q

the address people type into a web browser when using the internet

A

Domain

35
Q

an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website

A

Cross-site Scripting Attack (XSS)