Security
-
JWT, JWS, JWE, JWA, and JWKWeb/Security 2019. 8. 27. 21:53
1. Overview JWT is used to transport user identity/entitlements between interested parties in a secure manner. JWS and JWE are instances of the JWT when used compact serialization JWS and JWE can be serialized using either the compact serialization or JSON serialization JWT doesn't' define a specific binding, but in practice, JWT tokens are transported over HTTPS under the Authorization Bearer h..
-
Session and CookieWeb/Security 2019. 8. 23. 13:22
1. Overview 1.1 Session Storing user-related data across different requests. Server-side storage holding contextual data 1.2 Cookie Storing a small piece of the date on client-side Used to identify a client Used for passing some data from one servlet to another 2. Session If we access the JSP page for the first time, then a new session gets created by default. In most cases, a web server uses co..