Web/Security
-
Open Authorization (OAuth) 2.0 | Web/Security | 2019. 8. 29. 15:05
1. Overview
OAuth is an open standard protocol for authorization: it lets an application use the functions of an external service on a user's behalf without being handed the user's credentials.
OAuth 2.0 is not compatible with 1.0, but its authorization flow is simpler.
1.1 Difference between OAuth and Login
Login is when a member of service A uses service A.
In the case of OAuth, service B performs the authentication and authorization through the meth..
-
Difference between Signing and Encryption with OpenPGP | Web/Security | 2019. 8. 29. 09:57
1. Overview
Let's distinguish signing from encryption with OpenPGP.
2. Purpose
Encryption: preserve confidentiality and privacy; meet business security regulations; make sensitive data unreadable to unauthorized parties.
Signing: data integrity (the message is not altered from its original form); message authentication (proof of origin: ensuring the message came from the purported sender); non-repudiation (the sender cannot deny..
-
Encoding, Encryption, Hashing, and Obfuscation | Web/Security | 2019. 8. 28. 10:39
1. Overview
Let's distinguish these confusing concepts.
2. Description
2.1 Encoding
The purpose of encoding is to transform data so that it can be properly and safely consumed by a different type of system, for example binary data being sent over email, or special characters being displayed on a web page. The goal is not to keep information secret, but rather to ensure that it's able to be properly cons..
-
Authentication and Authorization | Web/Security | 2019. 8. 27. 21:55
1. Overview
Authentication is the process of ascertaining that somebody really is who they claim to be. Authorization refers to the rules that determine who is allowed to do what. E.g. Adam may be authorized to create and delete databases, while Usama is only authorized to read them.
1.1 Authentication: login + password; who you are.
1.2 Authorization: permissions; what you are allowed to do.
2. Descriptio..
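The two steps above kept separate in code, as an added example (not from the original post): `authenticate` answers "who you are" by checking a password against a stored PBKDF2 hash, and `authorize` answers "what you are allowed to do" by consulting a permission set. The user store, passwords and permission names (`db:read`, `db:create`, `db:delete`) are constructed for the example; a real application would load them from a database.

```python
import hashlib
import hmac
import os

# Constructed sample user store for the example; hashes are generated at import time.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user(password: str, permissions: set) -> dict:
    salt = os.urandom(16)
    return {
        "salt": salt,
        "hash": hash_password(password, salt),
        "permissions": frozenset(permissions),
    }


USERS = {
    # Adam may create and delete databases, Usama may only read them (from the text).
    "adam": make_user("correct horse battery staple", {"db:read", "db:create", "db:delete"}),
    "usama": make_user("hunter2", {"db:read"}),
}


def authenticate(username: str, password: str) -> bool:
    """Who you are: compare the presented credential with the stored hash."""
    user = USERS.get(username)
    if user is None:
        # Run the KDF anyway so an unknown username costs the same time as a wrong password.
        hash_password(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(user["hash"], hash_password(password, user["salt"]))


def authorize(username: str, action: str) -> bool:
    """What you are allowed to do: consult the permission set, never the credential."""
    user = USERS.get(username)
    return user is not None and action in user["permissions"]


def handle_request(username: str, password: str, action: str) -> int:
    """HTTP-style outcome: 401 when authentication fails, 403 when authorization fails."""
    if not authenticate(username, password):
        return 401
    if not authorize(username, action):
        return 403
    return 200


if __name__ == "__main__":
    print(handle_request("adam", "correct horse battery staple", "db:delete"))   # 200
    print(handle_request("usama", "hunter2", "db:delete"))                        # 403
    print(handle_request("usama", "wrong", "db:read"))                            # 401
```

The order matters: an unauthenticated caller gets 401 before any permission lookup happens, so the permission model never leaks information to someone who has not proven who they are.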
-
JWT, JWS, JWE, JWA, and JWK | Web/Security | 2019. 8. 27. 21:53
1. Overview
JWT is used to transport user identity/entitlements between interested parties in a secure manner.
A JWT is a JWS or a JWE that uses the compact serialization.
JWS and JWE themselves can be serialized using either the compact serialization or the JSON serialization.
JWT doesn't define a specific binding, but in practice JWTs are transported over HTTPS under the Authorization Bearer h..
-
Session and Cookie | Web/Security | 2019. 8. 23. 13:22
1. Overview
1.1 Session: stores user-related data across different requests; server-side storage holding contextual data.
1.2 Cookie: stores a small piece of data on the client side; used to identify a client; used for passing some data from one servlet to another.
2. Session
If we access the JSP page for the first time, then a new session gets created by default. In most cases, a web server uses co..