cs coe 1520
play

CS/COE 1520 pitt.edu/~ach54/cs1520 Authentication Access control - PowerPoint PPT Presentation

Mar 13, 2024 •336 likes •465 views

CS/COE 1520 pitt.edu/~ach54/cs1520 Authentication Access control vs. authentication We want to control how users can interact with information E.g., Users should only be able to view their own messages Users can only

  1. CS/COE 1520 pitt.edu/~ach54/cs1520 Authentication

  2. Access control vs. authentication ● We want to control how users can interact with information ○ E.g., ■ Users should only be able to view their own messages ■ Users can only update their own passwords ○ This is access control ■ What actions is a subject allowed to take on a given object? ● How do we determine the who a user is? ○ This is authentication ■ The binding of an identity to a subject 2

  3. General approaches to authentication ● Verify identity based on: ○ Something the user knows ■ E.g., password, PIN ○ Something the user has ■ E.g., ATM card, smart card ○ Something the user is ■ E.g., fingerprints, retinal scans ● Using multiple of these together leads to two-factor authentication ● Password authentication is (currently) the most widely-used authentication approach 3

  4. Using passwords in web applications ● Up until this point, we have used HTML forms to gather and submit usernames/passwords to the server, and then set a cookie (returned with all requests) to flag the user as "logged in" ○ Where is this approach going to fall short? ● Let's look at other approaches to web app authentication 4

  5. HTTP basic authentication ● Send username and password along with the HTTP header ○ Via the Authorization field of the header: GET / HTTP/1.1 Host: cs.pitt.edu Authorization: Basic Laha9aDS8n3q8bv … Type of Header field name Data authentication ○ Username and password are concatenated together with a single ":" and then Base64 encoded 5

  6. Base64 encoding ● Representing data as a sequence of base 64 numbers ○ 0-25 : A-Z ○ 26-51 : a-z ○ 52-61 : 0-9 ○ 62 : + ○ 63 : / ● To convert 8-bit encoded string to Base64, grab 3 bytes of input, turn it into 4 output characters ○ If only 1 or 2 bytes left, pad out Base64 output with = 6

  7. Grabbing basic HTTP auth in Flask ● Flask-HTTPAuth ○ An extension that allows us to easily use HTTP Auth within Flask routes ○ Initialized with auth = HTTPBasicAuth() ○ Decorators ■ @auth.login_required ■ @auth.verify_password 7

  8. Token authentication ● Have user acquire token and then send that along with requests. ○ E.g., you can access GitHub's API by sending a token along with your request header: ○ Why is this helpful? 8

  9. OAuth ● Allows a user to authorize a web app to access their data on another service 9

  10. OpenID ● An approach to federated authentication ● Allows the user to gather proof that they are the owner of some identity on another site ○ Does not delegate access to the user's data on that other site, however. ● Can be used to authenticate a user to get an OAuth token 10

  11. OAuth Example Authorization Resource 11

  12. Token Authorization ● Can use the Bearer type of Authorization in the HTTP header: ○ Authorization: Bearer TOKENGOESHERE 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS/COE 1520 pitt.edu/~ach54/cs1520 AJAX Where we stand so far With JavaScript, we said that

CS/COE 1520 pitt.edu/~ach54/cs1520 AJAX Where we stand so far With JavaScript, we said that

CS/COE 1520 pitt.edu/~ach54/cs1520 AJAX Where we stand so far With JavaScript, we said that we wanted to build dynamic web applications E.g., your battleship game With Flask, we started to utilize client/server interactions

570 views • 21 slides
CS/COE 1520 Recitation Week 2 TA: Jeongmin Lee TA: Jeong-Min Lee jlee@cs.pitt.edu Office

CS/COE 1520 Recitation Week 2 TA: Jeongmin Lee TA: Jeong-Min Lee jlee@cs.pitt.edu Office

CS/COE 1520 Recitation Week 2 TA: Jeongmin Lee TA: Jeong-Min Lee jlee@cs.pitt.edu Office Hours and Location Monday: 2:00 4:00pm and by appointment. Location: 5324 Senott Square Plan for today o GIT demo o JavaScript Discussion

546 views • 17 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 C C Developed by Dennis Ritchie as a language to build

CS/COE 1520 pitt.edu/~ach54/cs1520 C C Developed by Dennis Ritchie as a language to build

CS/COE 1520 pitt.edu/~ach54/cs1520 C C Developed by Dennis Ritchie as a language to build utilities for Unix Grew out of Ritchies work to improve the B programming language The first C Compiler was included with Version 2

400 views • 21 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Server-side scripting with Flask Flask A micro web

CS/COE 1520 pitt.edu/~ach54/cs1520 Server-side scripting with Flask Flask A micro web

CS/COE 1520 pitt.edu/~ach54/cs1520 Server-side scripting with Flask Flask A micro web framework written in Python First release was in 2010 Current version (1.1.1) was released in July 2019 Currently powers LinkedIn and

278 views • 8 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Introduction Meta-notes These notes are intended for

CS/COE 1520 pitt.edu/~ach54/cs1520 Introduction Meta-notes These notes are intended for

CS/COE 1520 pitt.edu/~ach54/cs1520 Introduction Meta-notes These notes are intended for use by students in CS1520 at the University of Pittsburgh. They are provided free of charge and may not be sold in any shape or form. These

539 views • 19 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 WebAssembly WebAssembly WebAssembly is a low-level

CS/COE 1520 pitt.edu/~ach54/cs1520 WebAssembly WebAssembly WebAssembly is a low-level

CS/COE 1520 pitt.edu/~ach54/cs1520 WebAssembly WebAssembly WebAssembly is a low-level language that runs within the web browser with near-native performance for those tasks that demand that level of performance Eg. Augmented/Virtual

312 views • 14 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality

CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality

CS/COE 1520 pitt.edu/~ach54/cs1520 Web security Security basics: CIA Confidentiality Keeping information secret from those who should not be able to see it Integrity Two portions: Data integrity: has the content of

680 views • 19 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Client-side scripting: An introduction to Javascript Why?

CS/COE 1520 pitt.edu/~ach54/cs1520 Client-side scripting: An introduction to Javascript Why?

CS/COE 1520 pitt.edu/~ach54/cs1520 Client-side scripting: An introduction to Javascript Why? By themselves, HTML and CSS can provide a description of the structure and presentation of a document to the browser A static document

461 views • 18 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 HTTP Overview and a Brief Introduction to Networking Render!

CS/COE 1520 pitt.edu/~ach54/cs1520 HTTP Overview and a Brief Introduction to Networking Render!

CS/COE 1520 pitt.edu/~ach54/cs1520 HTTP Overview and a Brief Introduction to Networking Render! 2 X I'd like to see X Gimme X 3 HTTP: the HyperText Transfer Protocol Originally developed by Sir Tim HTTP v1.0 standard presented

548 views • 20 slides
Ice Max Equipment A Southeast Cooler Corporation Company 1520 Westfork Drive Lithia Springs, GA

Ice Max Equipment A Southeast Cooler Corporation Company 1520 Westfork Drive Lithia Springs, GA

Ice Max Equipment A Southeast Cooler Corporation Company 1520 Westfork Drive Lithia Springs, GA 30122 Sold By SISCO Atlanta Office 770-945-2181 Dallas Office 972-691-4343 June 2008 Ice Handling

221 views • 11 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Regular expressions Regular expressions Formally:

CS/COE 1520 pitt.edu/~ach54/cs1520 Regular expressions Regular expressions Formally:

CS/COE 1520 pitt.edu/~ach54/cs1520 Regular expressions Regular expressions Formally: Expressions that can be generated by regular languages, or that can be produced by a finite automaton Practically speaking: Patterns

229 views • 19 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 The DOM and event-driven programming document.write() adds

CS/COE 1520 pitt.edu/~ach54/cs1520 The DOM and event-driven programming document.write() adds

CS/COE 1520 pitt.edu/~ach54/cs1520 The DOM and event-driven programming document.write() adds to the HTML being rendered Very handy The JS console log is a bit more out of the way to get to Plus this allows us display output to

404 views • 12 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Using Templates to Generate Views in Flask Jinja2 templating

CS/COE 1520 pitt.edu/~ach54/cs1520 Using Templates to Generate Views in Flask Jinja2 templating

CS/COE 1520 pitt.edu/~ach54/cs1520 Using Templates to Generate Views in Flask Jinja2 templating language Jinja templates are simply text files Include Jinja tags that will be expanded when the template is rendered Here, we'll

381 views • 8 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 React A terrible introduction to React: class Square

CS/COE 1520 pitt.edu/~ach54/cs1520 React A terrible introduction to React: class Square

CS/COE 1520 pitt.edu/~ach54/cs1520 React A terrible introduction to React: class Square extends React.Component { ??? render() { return ( <button className="square" onClick={ function() { alert('click'); } ??? }>

781 views • 26 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Python Python Guido van Rossum Guido van Rossum

CS/COE 1520 pitt.edu/~ach54/cs1520 Python Python Guido van Rossum Guido van Rossum

CS/COE 1520 pitt.edu/~ach54/cs1520 Python Python Guido van Rossum Guido van Rossum started development on Python in 1989 as a project to keep him busy over the holiday break when his office was closed van Rossum is Python's

600 views • 39 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Developing Models in Flask Database overview Our models

CS/COE 1520 pitt.edu/~ach54/cs1520 Developing Models in Flask Database overview Our models

CS/COE 1520 pitt.edu/~ach54/cs1520 Developing Models in Flask Database overview Our models are going to represent the state of a database that contains all of the data used by our web application We'll assume the use of transactional

515 views • 17 slides
Parts-based Concept Detectors Dong-Qing Zhang, Shih-Fu Chang, Winston Hsu, Lexin Xie, Eric

Parts-based Concept Detectors Dong-Qing Zhang, Shih-Fu Chang, Winston Hsu, Lexin Xie, Eric

TRECVI D 2005 Workshop Columbia University High-Level Feature Detection: Parts-based Concept Detectors Dong-Qing Zhang, Shih-Fu Chang, Winston Hsu, Lexin Xie, Eric Zavesky Digital Video and Multimedia Lab Columbia University (In collaboration

289 views • 27 slides
Efficient Pattern Recognition Algorithm Including a Fast Retina Keypoint FPGA Implementation

Efficient Pattern Recognition Algorithm Including a Fast Retina Keypoint FPGA Implementation

Efficient Pattern Recognition Algorithm Including a Fast Retina Keypoint FPGA Implementation Lester Kalms Maximilian Hajduk Diana Ghringer Technische Universitt Technische Universitt Technische Universitt Dresden, Germany Dresden,

1.35k views • 25 slides
Modeling the Visual System Dr. James A. Bednar jbednar@inf.ed.ac.uk

Modeling the Visual System Dr. James A. Bednar jbednar@inf.ed.ac.uk

Modeling the Visual System Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar CNV Spring 2008: Modeling background 1 Sample network to model CMVC figure 3.1a Tangential section with a small subset of neurons

467 views • 27 slides
The Hunt for the QCD Axion Johar Muhammad Ashfaque University of Liverpool Birds born in a

The Hunt for the QCD Axion Johar Muhammad Ashfaque University of Liverpool Birds born in a

The Hunt for the QCD Axion Johar Muhammad Ashfaque University of Liverpool Birds born in a cage think flying is an illness. Alejandro Jodorowsky Johar Muhammad Ashfaque String Phenomenology Motivation Quantum chromodynamics (QCD) is a

510 views • 24 slides
Learning Object Categories from Googles Image Search R. Fergus et al R. Fergus et al Present

Learning Object Categories from Googles Image Search R. Fergus et al R. Fergus et al Present

Learning Object Categories from Googles Image Search R. Fergus et al R. Fergus et al Present by Jie Xiao Dept. of Computer Science Univ. of Texas at San Antonio Outline Motivation Bag of words Model Approaches (pLSA, ABS-pLSA,

297 views • 28 slides
Ocular Ocular Pointers and pitfalls in: trauma trauma Corneal injuries Globe

Ocular Ocular Pointers and pitfalls in: trauma trauma Corneal injuries Globe

2/1/2013 objectives Ocular Ocular Pointers and pitfalls in: trauma trauma Corneal injuries Globe injuries Eyelid lacerations David Duong, MD MS David Duong, MD MS University of California, San Francisco University of

603 views • 6 slides
Interaco Homem-Mquina 2- Os Humanos Pedro Campos dme.uma.pt/pcampos pcampos@uma.pt O

Interaco Homem-Mquina 2- Os Humanos Pedro Campos dme.uma.pt/pcampos pcampos@uma.pt O

Interaco Homem-Mquina 2- Os Humanos Pedro Campos dme.uma.pt/pcampos pcampos@uma.pt O Modelo Humano de Processamento Viso simplificada do processamento humano envolvido na interaco com um sistema computacional Os Humanos

432 views • 27 slides
Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information

Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information

Biometric T echnologies Dr. Issa Traore ECE Department, University of Victoria Information Security and Object T echnology (ISOT) Lab http://www.isot.ece.uvic.ca 1 Agenda Introduction Applications Requirements Biometric

268 views • 16 slides

More recommend