Module 12 Flashcards

1
Q

WWW == internet?

A

no
the world wide web is an application (software) that operates over the internet (hardware)
- internet provides infrastructure
- www uses the infrastructure to run an application on which users connect and exchange data

other applications use the internet as well, e.g. email

2
Q

WWW

A

an application on the internet that combines many protocols to allow for communication and transfer of data between machines

3
Q

the web is composed of __________ that are logically linked

A

documents

4
Q

uniform resource identifier

A

alphanumeric string of characters used to uniquely identify a web page or resource

5
Q

uniform resource locator

A

URL

type of URI that specifies the location on the WWW and the mechanism for retrieving it

6
Q

break down of a URL

A
7
Q

two types of content on WWW

A

static

  • same for all users
  • appearance may vary based on specific browser but content is the same
  • HTML, CSS

dynamic

  • programmatically generated depending on the user, context, config, arguments, etc.
  • technologies: JavaScript
8
Q

t/f internet is a completely connected graph

A

true

9
Q

what is a web browser?

A

software that is used to access and display Web content and to navigate across the Web

10
Q

2 main components of the browser

A
  1. Rendering engine (HTML/CSS): responsible for static content presentation, formatting and layout
  2. JavaScript Engine (JS): responsible for creating and modifying dynamic content and appearance
11
Q

how does a web browser work?

A

Hypertext Transfer Protocol (HTTP) to transfer documents
• this is a client/server protocol

  1. client sends request
  2. server sends HTTP response, which includes the content that the client requested
12
Q

anatomy of an HTTP request

A
13
Q

http request example

A
14
Q

anatomy of an http response

A
15
Q

most common status codes

A

200 OK - request succeeded, resulting resource (as stated in request) will be included in message body

404 Not Found - requested resource does not exist

500 server error - error on the server side in processing the request

16
Q

http response example

A
17
Q

HTML

A

hypertext markup language - standard used to describe format and structure with which content should be displayed on a web page

document contains elements

each element generally includes a start tag, some content, and an end tag

18
Q

html facts

A

human readable
specifies how to structure data, not how to display it
browser chooses how to display content

19
Q

HTML structure is hierarchical

A
20
Q

Important HTML tags

A

!DOCTYPE
tells browser what version of HTML to use

HTML
root element

HEAD
contains info about the document using other tags (like title, link, meta, script)

BODY
all of the content for the browser to display

21
Q

CSS

A

cascading style sheets: a formatting language used to describe the appearance of content in an HTML file

22
Q

inline css

A

include css within the element tag itself as a style attribute

good:
easy to use
good for quick, one off situations

bad:
mixing content and presentation: this should be avoided
hard to manage

23
Q

css internal

A

include css within the head of the HTML using style elements

good:
separate content and presentation
easy to use
good if you only have a limited amount of CSS in the page

bad:
hard to manage with lots of styling
cannot reuse across multiple pages

24
Q

css syntax

A
25
Q

external css

A

put css in separate file and link in head

good:
separates content and presentation
can include many different CSS pages with multiple link tags

bad:
lots of files to manage (which might be overkill for small pages)

26
Q

css selectors

A
27
Q

developing in JS

A
  1. JS embedded directly in the HTML inside script tags and/or using link tags to external .js files
  2. many browsers provide a JS REPL console for writing and evaluating code
  3. develop in .js file and execute it in a runtime environment such as Node.js
28
Q

example of embedded js

A
29
Q

creating a prototype

A

prototypes are created like any other JS function or object
the this keyword refers to the current object
the new keyword can be used to create new objects from the same prototype

30
Q

extending a prototype

A

prototypes can extend another prototype with more functionality
to inherit a prototype, set the __proto__ property of an object to the parent prototype

31
Q

prototype properties

A

properties and methods can be added to prototypes by adding them to the prototype property

32
Q

event driven programming

A
  • usually – programming is thought of as a sequence of instructions and function calls
  • event driven programming is when a program’s behavior is based on events
  • in web programming these events are generally user actions
  • different events/actions invoke different callback functions which handle that event/action
33
Q

t/f event driven programming is asynchronous

A

true

34
Q

synchronous vs. asynchronous

A

synchronous:

  • you are expecting a user input
  • you continuously recheck a text field until the user has put in the required info
  • you run some code on user input

asynchronous:

  • you expect a user input
  • you tell your browser to let your program know when the user has put in the required info
  • you possibly run other code until the browser notifies you
  • when the user has entered information you run the associated callback function
35
Q

cookies

A

name-value pair

can contain optional attributes

36
Q

cookie parameters

A

Name
Max-Age (unspecified = session cookie)
Path: if set to /hws/, cookie valid for /hws/ but not for /labs/
domain: cis.upenn.edu (accessible by cis and all its subdomains)
secure: only transmitted via HTTPS
HttpOnly: not accessible via JS (document.cookie)

37
Q

how to hijack cookies

A

guess the cookie
discover the cookie
set the cookie

38
Q

guess the cookie

A

if session id is small or generated with bad randomness
time/date
small numbers - 32 bits
non-cryptographic PRG

solution: server should use good randomness
secure prgs
large ids 256 bits

39
Q

discover the cookie

A

if sent over http
-network attacker can see it

if browser doesn’t authenticate the server
-DNS attacker can trick browser into sending cookie to attacker’s server

malicious JS
-can access cookie via document.cookie

mitigations:
set secure field
set HttpOnly (this could break some apps)