Web Flashcards
1
Q
Different REST API authentication?
A
Digital signature
A mathematical scheme for verifying that the sender of a message is who they claim to be and that the message was not modified in transit.
OAuth 1.0
- Based on a digital signature framework
- Transport independent
- Each message is signed individually
- If a single message within the communication is constructed or signed improperly, the entire transaction is invalidated
OAuth 2.0
- Transport dependent: delegates most security checks to HTTPS
- Centered around bearer tokens: these are easy to integrate but not great for security. Bearer tokens provide no internal security mechanisms; they can be copied or stolen, but they are easier to implement.
- Easier: OAuth 2.0 is much more usable, but much more difficult to build securely.
- Flexible: OAuth 1.0 only handled web workflows, but OAuth 2.0 considers non-web clients as well.
- Better separation of duties: handling resource requests and handling user authorization can be decoupled in OAuth 2.0.
2
Q
Difference between HTTP and HTTPS?
A
- HTTP uses port 80 for communication; HTTPS uses port 443
- HTTP is considered insecure and HTTPS secure; messages in HTTPS are encrypted using SSL certificates
- HTTPS = HTTP + Secure Sockets Layer, a security protocol that creates an encrypted link between a server and a client, so the data transmitted is encrypted
- HTTP works at the Application Layer and HTTPS works at the Transport Layer
3
Q
How does an SSL certificate work?
A
- Uses a public/private key mechanism
- Certificates are issued by a CA (certificate authority)
- Digitally signed by the CA, so the browser can filter out certificates with unknown signatures
Steps
- Send my public key to the CA
- The CA creates a data structure matching my private key (the certificate)
- Install that certificate on my server
4
Q
What is FIX?
A
- An electronic communications protocol
- Used for the international real-time exchange of information related to securities transactions and markets
- The standard electronic protocol for pre-trade communications and trade execution