Authentication and authorization are two concepts that form the basis of security in a web portal. However, a web portal is secure even when only one of them is implemented. Comment on this statement, supported by appropriate reasons and examples.
A gaming portal, which allows users to play games online, gathers information about the system of the users, when they first visit the portal and register to load a particular version of a game. The portal stores the information in cookies. If the users have disabled cookies on their machines, the portal script can handle this in two ways:
- Show an alert to the users that the portal will not work properly if the users do not enable cookies.
- Use cookie-less sessions, by using the URL method for passing the Session ID instead of cookies.
Which of the two ways do you think is easier and better in terms of performance? Discuss, giving appropriate reasons.
This material may consist of step-by-step explanations on how to solve a problem or examples of proper writing, including the use of citations, references, bibliographies, and formatting. This material is made available for the sole purpose of studying and learning - misuse is strictly forbidden.Answers
1. Authentication and authorization
a. Definition :
i. Authentication is any process by which we verify that someone is who they claim they are.
ii. Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have.
b. A web portal is secure even when only one of them is implemented
The site needs to know whether the current user is valid. He/she could read the information on the site, post new information to the site when his login is authenticated. This process prevent unknown person does some bad thing on the system...