View all categories
Same-origin Security Policy | Web/Security | 2019. 8. 30. 11:27
1. Overview An origin, defined as the combination of URI scheme, hostname, and port number, must be the same for two pages whose scripts exchange data. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model (DOM). 2. Description 2.1 Examples Compared URL Outcome Reason http://www.example.com/dir/pa..
Open Authorization (OAuth) 2.0 | Web/Security | 2019. 8. 29. 15:05
1. Overview OAuth is an open standard protocol for authentication. External service functions can be used in other applications. OAuth 2.0 is not compatible with 1.0, but its authentication process is simpler. 1.1 Difference between OAuth and Login Login is when a member of the A service uses the A service. In the case of OAuth, the B service performs authentication and authorization through the meth..
Difference between Signing and Encryption with OpenPGP | Web/Security | 2019. 8. 29. 09:57
1. Overview Let's distinguish Signing and Encryption with OpenPGP. 2. Purpose Preserve confidentiality and privacy: to meet some business security regulations; to make sensitive data unreadable to unauthorized parties. Data Integrity: not altered from its original form. Message Authentication (Proof of Origin): ensuring the message came from the purported sender. Non-repudiation: that the sender cannot deny..
Encoding, Encryption, Hashing, and Obfuscation | Web/Security | 2019. 8. 28. 10:39
1. Overview Let's distinguish these confusing concepts. 2. Description 2.1 Encoding The purpose of encoding is to transform data so that it can be properly and safely consumed by a different type of system, for example binary data being sent over email, or special characters being displayed on a web page. The goal is not to keep information secret, but rather to ensure that it's able to be properly cons..
Authentication and Authorization | Web/Security | 2019. 8. 27. 21:55
1. Overview Authentication is the process of ascertaining that somebody really is who they claim to be. Authorization refers to the rules that determine who is allowed to do what. E.g. Adam may be authorized to create and delete databases, while Usama is only authorized to read. 1.1 Authentication Login + password: who you are. 1.2 Authorization Permissions: what you are allowed to do. 2. Descriptio..
JWT, JWS, JWE, JWA, and JWK | Web/Security | 2019. 8. 27. 21:53
1. Overview JWT is used to transport user identity/entitlements between interested parties in a secure manner. JWS and JWE are instances of JWT when the compact serialization is used. JWS and JWE can be serialized using either the compact serialization or the JSON serialization. JWT doesn't define a specific binding, but in practice JWT tokens are transported over HTTPS under the Authorization Bearer h..
Spring Session | Framework/SPRING | 2019. 8. 27. 21:48
1. Overview Spring Session provides an API and implementations for managing a user's session information. Spring Session has the simple goal of freeing session management from the limitations of the HTTP session stored in the server. Spring Session is used to manage authentication information in a web app. Spring Session can persist data using JDBC, Gemfire, or MongoDB, or in-memory Redis. 2. When..
TDD processing with examples | TestMetric | 2019. 8. 27. 20:47
1. Overview TDD is a design tool, enabling us to drive an implementation with the help of tests. It validates whether that code results in the expected state (state testing) or executes the expected sequence of events (behavior testing). It helps a developer verify that the logic of a piece of the program is correct. Running tests automatically helps to identify software regressions introduced by chang..