What is a cryptographic hash?
Ans: A cryptographic hash is an algorithm that takes an arbitrary
message (maybe a password) and produces a fixed-length string of hex digits.
For a good hash algorithm, it is very difficult or impossible to recover
the original message from the fixed-length hex string.
How is a cryptographic hash used to encode passwords?
Ans: The password is encoded with the hash algorithm. Then the encoded
password is stored in the password database.
What are some characteristics of a good password?
Ans: A good password is not found in the dictionary. It contains some
digits and/or special characters like !@#$%^&*(){}[];:<>?/.
What are some algorithms that are used to create cryptographic hashes?
Ans: MD5 (Message Digest), SHA1, SHA2 (Secure Hash Algorithm).
How can you use Ruby to create a cryptographic hash?
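One way to do this with Ruby's standard library, as an added example that is not part of the original notes: it hashes a message with SHA-256 through Digest, then builds and checks a password-database record using a random salt and PBKDF2, a deliberately slow construction swapped in here instead of a single hash pass. The helper names, the record layout, the iteration count and the sample password are assumptions constructed for illustration.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

ITERATIONS = 210_000   # assumed work factor for this example
KEY_LEN    = 32        # bytes of derived key (64 hex digits)

# A plain hash: any message maps to a fixed-length string of hex digits.
def sha256_hex(message)
  Digest::SHA256.hexdigest(message)
end

# Build the record to store in the password database.
# The random salt makes equal passwords produce different records.
def hash_password(password, salt = SecureRandom.random_bytes(16))
  key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                                   OpenSSL::Digest.new('SHA256'))
  [ITERATIONS, salt.unpack1('H*'), key.unpack1('H*')].join('$')
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Re-derive the key from the login attempt using the stored salt and
# iteration count, then compare it with the stored key.
def verify_password(password, record)
  iterations, salt_hex, key_hex = record.split('$')
  return false unless iterations.to_i.positive? && salt_hex && key_hex
  salt = [salt_hex].pack('H*')
  key  = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations.to_i,
                                    key_hex.length / 2,
                                    OpenSSL::Digest.new('SHA256'))
  secure_equal?(key.unpack1('H*'), key_hex)
end

if __FILE__ == $PROGRAM_NAME
  puts sha256_hex('abc')                        # 64 hex digits
  record = hash_password('correct horse 42!')   # constructed sample password
  puts record                                   # iterations$salt$key
  puts verify_password('correct horse 42!', record)  # true
  puts verify_password('wrong guess', record)        # false
end
```

Only the record string is stored; the password itself never reaches the database, and a login attempt is checked by re-deriving the key from the stored salt.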
This means that neither the HTML page nor the controller can remember
the values of variables during previous submissions of that same page.
Client-server systems, including Ruby on Rails, have three ways
of maintaining state:
By passing parameters back to the controller (via params).
By storing it in the database.
By storing it in a session variable on the server.
The session variable stores data by key. It is available across all
browser instances for a user. It is maintained until all browser instances
are closed.
One problem with storing the session variable on the server is that
modern databases for large corporations often use server farms of multiple
servers. Storing the session variable on the server is problematic with
multiple servers.
By default, Rails stores the session variable as a cookie on the
client machine's hard drive.
The Rails programmer has the option of switching the session variable
to the Rails database instead.
The following statement stores data in the session variable using the
key :info:
session[:info] = @data
To retrieve data from the session variable:
@data = session[:info]
A session variable can be used to remember if the user is logged in.
If the user is not logged in, redirect the page to the login page.