Quiz

  1. Could we talk more on the use of the difference of websites and servers

    Sure. The word "server" is used in lots of ways, because lots of things provide services.

    1. A mail server accepts email messages and provides them to authenticated users.
    2. A file server allows authenticated users to store and retrieve files from the server.
    3. An SSH server allows users to log in to the server and run commands.
    4. A web server hands out web pages to anyone who asks.
    5. A server is a machine that runs 24/7 and runs software like some of the above (mail, file, SSH, web, etc.).

    A website is a collection of web pages sitting on a web server. E.g. www.wellesley.edu

  2. I am still a bit confused about the difference between using req.body and req.query; when to use which

    You use req.body when the request was sent from a FORM METHOD=POST.

    You use req.query when the request was sent from a FORM METHOD=GET.

  3. not sure if I missed this, but are cookies in the frontend or the backend?

    Both! They are sent back and forth between browser and server with each request.

    In practice, the browser often does nothing with them except send them back to the server, so they are often used for the backend to communicate with itself.

    The best metaphor is a "claim check".

  4. The cookie session diagram was kind of confusing to me

    Let's review it! cookies and also session

  5. How keys electronically sign a session

    That gets us a little outside the course into the field of cryptography, but let's give it a try:

    • Bob is trying to send a message to Alice. Charlie wants to confuse things.
    • Bob sends Alice the message M = "I love you, from Bob"
    • Charlie sends Alice the message N = "I don't love you, from Bob"
    • What is Alice to think?

    Instead:

    • Bob sends Alice the message M and also sends E(M), which is M encrypted with Bob's private key.
    • Alice uses Bob's public key to decrypt: M2 = D(E(M))
    • Alice compares: M == M2, so the message M is really from Bob! Bob loves me!

    Charlie doesn't have Bob's secret key, and so he can't fake E(M).

    This also means that if Charlie intercepts the message from Bob to Alice, he can't substitute N. He can't (successfully) tamper with M in any way.

  6. How do web applications ensure the security of session information stored in cookies, especially considering that cookies are stored on the client-side and could potentially be accessed or manipulated by users?

    In the scenario above, Charlie would be attempting to tamper with the cookie in the browser or in transit between browser and server.
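
    The tamper check described in answers 5 and 6, as an added example that is not part of the original course page. It swaps in a different technique from the Bob/Alice story: an HMAC over a server-only secret instead of a private/public key pair, which works here because the server is both the signer and the verifier of its own cookie. The secret, the function names and the session contents are all constructed for illustration.

```javascript
// Added example: HMAC-signed session cookie (all values constructed).
const crypto = require('node:crypto');

// Assumption: a server-only secret; a real app loads it from configuration.
const SECRET = 'constructed-demo-secret-not-for-production';

// Signature over the encoded payload, base64url so it is cookie-safe.
function mac(payload, secret) {
  return crypto.createHmac('sha256', secret).update(payload).digest('base64url');
}

// Serialize the session and append its signature: "<payload>.<signature>".
function signSession(session, secret = SECRET) {
  const payload = Buffer.from(JSON.stringify(session)).toString('base64url');
  return `${payload}.${mac(payload, secret)}`;
}

// Return the session object if the signature checks out, otherwise null.
function verifySession(cookie, secret = SECRET) {
  if (typeof cookie !== 'string') return null;
  const dot = cookie.lastIndexOf('.');
  if (dot <= 0) return null;
  const payload = cookie.slice(0, dot);
  const given = Buffer.from(cookie.slice(dot + 1), 'base64url');
  const expected = Buffer.from(mac(payload, secret), 'base64url');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try {
    return JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Charlie's move from the answer above: new payload, old signature.
function tamper(cookie, newSession) {
  const sig = cookie.slice(cookie.lastIndexOf('.') + 1);
  const payload = Buffer.from(JSON.stringify(newSession)).toString('base64url');
  return `${payload}.${sig}`;
}

const cookie = signSession({ user: 'alice', visits: 3 });
const forged = tamper(cookie, { user: 'charlie', visits: 3 });
console.log('genuine cookie ->', verifySession(cookie));
console.log('tampered cookie ->', verifySession(forged));
```

    The payload is only encoded, not encrypted, so the user can still read it; the signature only lets the server detect that it was changed.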

  7. would love to go over flashing / flashing: I don't really understand how it's different than rendering?

    It is rendering, but it's rendering from a store of messages. The server can easily put a message in the list of messages, and the renderer automatically (well, because we put the code in there) renders everything in the list of messages.

  8. Can we go through an example about flashing? I'm still not exactly sure what it is

    For sure.

  9. The link to the cookie demo didn't work for me, but watching the video worked fine (the link goes to https://cs.wellesley.edu/cs304app/cookies/)

    Sorry about the link. I'll fix that over the break.

  10. No questions yet (not in like a I completely understand it kind of way, but like I need the info to marinate in my brain kind of way), I think just going through it in class would be nice!

    I hope you have a sunny and restful break!

    Thanks!