Web sys Role of Cookies


These are ________ of _________, Session, Persistent, Secure, Http Only, Third-Party, Zombie.

Types, Cookies

A secure cookie can only be transmitted over an _________ connection

Encrypted

Cookies were discussed in two US Federal Trade Commission hearings in ________ and ________

1996, 1997

In February _______, the working group identified __________ cookies as a considerable threat to privacy. The specification was published as RFC 2109 in February 1997

1996, third-party

The cookie specification requires that the browser support cookies of at least _______ bytes in size, store at least ______ cookies per domain, and store at least _______ cookies in total

4096, 50, 3000

The general size of a cookie is ________

4KB

The value of a cookie may contain any printable __________ characters and the name may contain a = sign

ASCII

Cookies do not identify a person; they identify a combination of user __________, a computer, and a __________

Accounts, web-browser

_________ cookies are used by web servers to know when you are logged in and to send sensitive information. A security _________ may allow the data to be read by hackers.

Authentication, vulnerability

The browser ________ can be used to store JavaScript that won't download to the user's computer but will launch in the browser and track the user's activity.

Cache

________ helps to recreate zombie cookies when they are deleted. The content is stored in multiple locations, such as Flash local storage and HTML5 storage; when the cookie's absence is detected, it gets recreated from the stored contents.

Client-side scripting

Cookies are arbitrary pieces of data sent by the server and stored on the _________ by the __________

Computer, browser

The structure of a cookie is: Name; ___________ (the information it contains); __________ (using this cookie); ________ (page where it is used); _______; Accessible to script (yes or no); Created (the date); and Expires.

Content, Domain, Path, Send for

The term ________ _____ is sometimes used to refer to a cookie's name-value pair

Cookie crumb

_______ are small pieces of data sent between a ______ and a receiver.

Cookie, sender

A cookie is ________ and _______ by the sender, while the receiver only holds it and sends it back if the receiver asks for it.

Created, interpreted

An HTTP-only cookie can only be transferred over HTTP or HTTPS; this restriction mitigates but does not eliminate the threat of ________ _______

Cross-site scripting (XSS)

Today cookies no longer store the data of a shopping cart; that is stored in a _________

Database

JavaScript can be used to set cookies; the object ______________ is used for this purpose

Document.cookie

The first browser to use and support cookies was ________ ________

Mosaic Netscape

These _________ cookies work on sites where users perform financial transactions and ensure your information is protected; they are called ___________

Encrypted, Secure-cookies

Cookies are supported more in the _____ ______ on mobile devices

Far East

Originally, cookies were not known and were accepted by default, until the _______ ______ published an article about them on February 12, 1996.

Financial Times

A browser's _____ can be used to identify a user; it includes the version number, screen resolution and OS

Fingerprint

______ cookies are also called web, internet or browser cookies, or just cookies.

Http

HTTP-only cookies can only be used by _______ ______; they do not imply any privacy or security risks for users.

Http protocol

________ is an alternative to tracking cookies but it is not reliable since users are often behind a firewall or NAT

IP Address

Apple uses a tracking technique called ______ _________(IDFA) to track their shoppers in order to send them the right ads.

Identifier For Advertisers

Besides privacy concerns, cookies have technical drawbacks: they don't accurately _______ users, they can be used for security attacks, and they are often at odds with the __________ architectural style.

Identify, REST

The purpose of cookies is to ________ the user, check for his past _______ on the website and provide appropriate content based on this data.

Identify, activity

The cookie was created by Lou Montulli in 1994 at Netscape for ________

MCI

The term cookie came from _________ ________, which is a packet of data a program receives and sends back unchanged.

Magic cookie

A session cookie, also known as an _________ cookie or transient cookie, exists only in memory while the user navigates the website. Session cookies do not have _________

In-memory, expiration-dates

An attacker could use __________ cookies to impersonate a user and perform a malicious attack.

Intercepted

Using HTTP-only cookies will mitigate cross-site scripting since these cookies are not accessible by ___________ language.

JavaScript

Cookies were first used in ______ ______ by an employee of Netscape Communications for an e-commerce application.

July 1994

Flash and Silverlight also use _________ storage, which is similar to persistent cookies.

Local

Tracking cookies are commonly used to compile __________ records, which prompted European and US lawmakers to take action in 2011.

Long-term

The minimum contents of a cookie are a _______, a _______, and zero or more attributes

Name, Value

Browsers do not send cookie attributes back to the server; they only send the ________ and _____

Name, value

Mosaic Netscape was the first browser to use cookies and did it in _______ _________

October 1994

By default, Internet Explorer allows third-party cookies only if they are accompanied by a __________ compact policy (CP) field

P3P (privacy third party)

Session cookies also help to improve ________ ______ times

Page load

________ cookies are called _______ cookies; they last on the user's computer until deleted or expired.

Persistent, tracking

Many websites use cookies for ____________ based on the user's ___________

Personalization, preferences

ETags work similarly to ___________ cookies, but they can be removed by clearing the browser's cache

Persistent

Most modern web browsers contain ______ settings that can block third-party cookies

Privacy

Hidden form fields can be used to track sessions; this is similar to the URL _____

Query strings

RFC 2109 was superseded by ________ in October 2000

RFC 2965

The older RFCs 2109 and 2965 specify that browsers should protect user privacy, but the newer standard __________ explicitly allows user agents to implement third-party cookies.

RFC 6265

When a server asks for a cookie, it _______ it and _______ a particular configuration of the website for that specific user.

Reads, loads

Cookie identification is very useful especially on websites where ______ user _______ is critical.

Real-time, data

Cookies are set using the HTTP ____________ header, sent in an HTTP _______

Set-cookie, Response

Cookies were designed to be a _________ mechanism for websites to remember _________ information or activity, including clicking buttons and visited pages.

Reliable, stateful

The Domain and Path attributes define the _______ of the cookie

Scope

If a browser sets the _________ flag while setting a cookie, the browser will use TLS to send the cookie.

Secure

When browsing the web, the cookie sender is the _______ on which a website runs and the receiver is the __________ of the user that visits that website.

Server, web-browser

Cookies used for login pages have a unique _________ _________

Session Identifier

Window.name is also a security risk; it can be used for __________

Session tracking

______ cookies are one of the most common types; they exist in temporary ________, are not harmful, and delete the information when the browser is closed.

Session, memory

The first time a user visits a website, the server ______ a particular cookie in the _______ of that user. When the user visits again, the server asks for it.

Stores, web-browser

Storing data that identifies a session in a query ________ enables or simplifies session fixation attacks.

String

_______ cookies are used to track technologies that do not use HTTP cookies.

Super

An HTTP response will instruct the browser to store the cookie; the browser will ignore the header if it does not ___________ cookies or has _________ cookies.

Support, disabled

You can think of a cookie like a ______ applied by web servers to every user.

Tag

True or False: the text on the left of = is the name and the number on the right is the value

True

________ ________ cookies belong to a domain other than the one that sent them. They are usually sent by ads and store users' browsing history across multiple systems that use the same ads.

Third party

Supercookies originate from a _________ such as .com; they are often blocked by browsers. One can maliciously affect a user visiting another .com site even if it doesn't belong to that site.

Top-Level Domain

Persistent cookies are sometimes referred to as ___________ cookies because they expire when the creator intends. They don't lose the info when the user logs off, as ________ cookies do; they keep sending info every time the user logs on to the site.

Tracking, session

If a request to a site does not contain a cookie, the server assumes it's the first page being visited, creates a ___________ (string of letters and numbers) and sends it along with the page back to the browser

Unique-identifier

Cookies provided a solution to the problem of reliably implementing a _______ __________

Virtual, shopping-cart

Only security products can remove ________ cookies. They recreate themselves if the user deletes them, and they are stored outside the browser; they can be used for malicious purposes because the browser cannot control their existence.

Zombie

HTML5 supports local session storage and is _________ to persistent cookies

similar

