kangoll
kangoll 24 year old college student. I like drawing and traveling.

[Woowacourse] level-4 / kangoll & hailey's English class


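Summary
This post summarizes the 10-minute English class I hold with Hailey.
Each of us brings a topic we want to present and explains it in English for about 10 minutes.
If there is something we don't know or are curious about, we talk about it in English 💬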





0925 - http VS https


Summary
http & https : protocol - the way the web browser and server communicate


✅ What is HTTP


  • standard protocol for exchanging information on the web
  • structure : (browser (request) → server (response)) : HTML, image, data…
  • problem : unencrypted, data is sent as plain text

Unencrypted : not encrypted


✅ What is HTTPS


  • HTTP + security (-S) certificate (SSL/TLS)
    • HTTPS is a protocol with a security certificate added to HTTP.
  • Protects HTTP communications with SSL/TLS encryption
  • Gains data integrity : data is not tampered with in the middle
  • So, even if the communication is intercepted, the content is unknown > only encrypted data is visible

SSL/TLS’s Role

SSL : Secure Sockets Layer
TLS : Transport Layer Security (standard)

  • Encryption : no one else can see the content
  • Authentication : Proof that the server is real
  • Integrity : Ensure data is not tampered with
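Certificate : a document that proves identity   /   encryption : converting data into cipher form   /   gain : to obtain
integrity : honesty; (of data) being intact and unaltered (not "loss")   /   tampered : meddled with, interfered with
Even if : even in the case that ~   /   intercepted : seized on the way   /   encrypted : converted into cipher form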


✅ Conclusion


  • HTTP marked the start of the web, but it has too many security problems
  • In the future, HTTPS will be used instead of HTTP, and the web without security will gradually disappear
integral : indispensable   /   gradually : little by little




1001 - cookies, sessions, tokens


typical ways a server authenticates a client

typical : representative



✅ Cookies


  • string information in the form of key-value, stored in the client browser
  • a method of identifying users by sending cookies along with each request

advantages
simple way to implement

disadvantages
Weak security, and capacity limits exist
As cookie size increases → network load occurs

identifying : recognizing and telling apart   /   implement : tool, means


✅ Sessions


Manage sensitive information on the server side
Store only the session ID on the client, in cookie form

advantages
Safer management than cookies

disadvantages
Risk of session ID hijacking
Requires session storage on the server

manage : to administer (with a nuance of planning and control)   /   handle (similar word) : to deal with a problem directly (an immediate situation)
hijacking : to abduct, to seize by force


✅ Token


  • once the client is authenticated to the server, the server issues a Token (informed value)
  • client presents this token on each request to prove authentication

advantages
stateless characteristic : it does not maintain the state
Minimize DB inquiry

disadvantages
Payload is only simply encoded, so it cannot store sensitive information
Difficult to deal with token takeover

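issues : to grant, to publish   /   informed : to provide information
stateless : no state - does not remember past records and only processes the information given at each moment.
inquiry : lookup   /   sensitive : delicate, needing protection   /   deal : to cope with   /   takeover : seizure, theft

JWT (JSON Web Token)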

JSON-based token with authentication information

  • structure: Header.Payload.Signature
    • Header: defines which algorithm is used to sign
    • Payload: Information Required for Authentication
    • Signature : combines Header and Payload with SecretKey

advantages
can block forgery through Signature verification

forgery : counterfeiting / fraudulent use
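
The Header.Payload.Signature structure above, as an added example that is not part of the original notes: an HS256 token built with Node's built-in crypto module, showing that the payload can be read without the key while a changed payload fails signature verification. The secret, the claims and all function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// base64url is an encoding, not encryption: anyone can reverse it without a key.
const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Signature = HMAC-SHA256 over "<header>.<payload>" using the server's secret key.
function hmac(signingInput, secret) {
  return crypto.createHmac('sha256', secret).update(signingInput).digest();
}

function signJwt(payload, secret) {
  const header = { alg: 'HS256', typ: 'JWT' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${b64url(hmac(signingInput, secret))}`;
}

// Reads the payload with no key at all, which is why secrets must not be stored in it.
function decodePayloadUnverified(token) {
  return JSON.parse(fromB64url(token.split('.')[1]).toString('utf8'));
}

// Returns the payload when the signature is valid, otherwise null.
function verifyJwt(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    const header = JSON.parse(fromB64url(h).toString('utf8'));
    // Pin the algorithm on the server; do not let the token choose it.
    if (!header || header.alg !== 'HS256') return null;
    const expected = hmac(`${h}.${p}`, secret);
    const given = fromB64url(s);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    return JSON.parse(fromB64url(p).toString('utf8'));
  } catch {
    return null; // malformed header or payload
  }
}

// Constructed sample values, not from the original post.
const SECRET = 'constructed-demo-secret';
const token = signJwt({ sub: 'user-42', role: 'member' }, SECRET);

// Forgery attempt: swap in a new payload but keep the old signature.
function tamper(tok) {
  const [h, , s] = tok.split('.');
  return `${h}.${b64url(JSON.stringify({ sub: 'user-42', role: 'admin' }))}.${s}`;
}
```

`verifyJwt(token, SECRET)` returns the claims, while `verifyJwt(tamper(token), SECRET)` and verification with any other secret return null.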




1015 - Browser Storage


Last time, we talked about cookies, sessions, and tokens (which manage status/authentication with servers).
In this session, we will present browser storage.
Browser storage is a method of storing data directly in a client (browser).

storing : storage (n)   /   directly : in a direct way (n)


✅ Cookies


Oldest method used by server/client together

  • Capacity: ~4KB
  • Mainly used for session maintenance, ad tracking
  • But it has security issues (XSS, CSRF)

    • XSS (Cross-Site Scripting) : vulnerability where an attacker’s embedded script runs in a user’s browser.
    • CSRF (Cross-Site Request Forgery) : attack that exploits the authentication of a logged-in user (to execute an unwanted state change request).

Oldest : existing for the longest time   /   Mainly : chiefly, for the most part   /   Vulnerability : weakness
embedded : inserted into   /   exploits : makes use of


✅ Local Storage


  • Domain units, persistent storage (remains if not cleared)
  • Capacity: 5-10 MB
  • can only store strings
    • ex) Set dark mode, maintain language selection
persistent : permanent   /   exploits : makes use of   /   abstract : not concrete, conceptual


✅ Session Storage


  • Similar to Local Storage, but per tab
  • Disappears when the tab is closed
    • If you close the tab during payment, the data will be lost


✅ IndexedDB & Cache Storage


IndexedDB

  • Large Data Storage (Hundreds of MB or more)
  • Structured data, transaction support
  • Asynchronous Processing
    • Gmail Offline Mode

Cache Storage

  • Save network request/response objects
  • Can provide resources offline



1015 - Symmetric key ciphers and asymmetric key ciphers


✅ Introduction - Why We Need Encryption


Encryption is one of the most essential technologies to protect our data.
When we send information over the internet - like passwords, messages - it passes through many servers and networks.
Without encryption, anyone could intercept and read that data.
To avoid this risk, data is encrypted and transmitted.

In modern networks, there are two main types of encryption:
symmetric and asymmetric.

over : by way of ~   /   pass (through) : to go through, to go past


✅ Symmetric Encryption


The same key is used for both encryption and decryption.
In symmetric encryption, the sender and receiver share one secret key.
The sender uses this key to encrypt the data, and the receiver uses the same key to decrypt it.
Therefore, the sender and receiver must share the same key in advance.

Features

Because it uses only one key, symmetric encryption is fast and efficient, but key transfer is difficult.
If the key is leaked, all the data is in danger.

used for both + N : used for both of them   /   in advance : beforehand   /   leaked : let out, exposed
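
The shared-key behaviour described above, as an added example that is not part of the original notes. It uses AES-256-GCM from Node's built-in crypto module (the cipher choice, key handling and sample message are assumptions made for illustration) to show that the same key encrypts and decrypts, that a different key fails, and that a leaked copy of the key opens the data.

```javascript
const crypto = require('node:crypto');

// Encrypt with the shared 32-byte key. A fresh random 12-byte nonce is used per message.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt with the SAME key. Returns null if the key is wrong or the data was altered.
function decrypt(key, { iv, ciphertext, tag }) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Returns a copy of the message with one ciphertext bit changed in transit.
function flipFirstBit(message) {
  const ciphertext = Buffer.from(message.ciphertext);
  ciphertext[0] ^= 1;
  return { ...message, ciphertext };
}

// Constructed sample values.
const sharedKey = crypto.randomBytes(32);   // sender and receiver must both hold this in advance
const otherKey = crypto.randomBytes(32);    // someone without the shared key
const leakedCopy = Buffer.from(sharedKey);  // a leaked key is as good as the original
const message = encrypt(sharedKey, 'password=constructed-sample');
```

`decrypt(sharedKey, message)` and `decrypt(leakedCopy, message)` both return the plaintext, while `decrypt(otherKey, message)` and `decrypt(sharedKey, flipFirstBit(message))` return null.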


✅ Asymmetric Encryption


Uses a pair of keys — a public key and a private key.

  • The public key can be shared with anyone
used for both + N : used for both of them   /  
