COFFEE—WEB v4.0 // eu-1
// LESSON 11

Authentication & Security

B1

Authentication & Security Vocabulary

Auth Concepts

Term            Meaning
authentication  Verifying WHO you are (login)
authorization   Verifying WHAT you are allowed to do (permissions)
JWT             JSON Web Token: a signed token that carries the user's claims, so the server keeps no session state
OAuth 2.0       Protocol for delegated authorization (an app acts on your behalf against an API; "Login with Google" adds OpenID Connect on top of it)
session         Server-side state for a logged-in user, referenced by a session ID in a cookie
hashing         Slow, salted one-way transformation of passwords (bcrypt, argon2) so a stolen hash cannot be turned back into the password
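The table above names hashing and JWTs; the block below shows both working together. It is an added example, not code from this lesson: it uses only the Python standard library, so `hashlib.pbkdf2_hmac` stands in for bcrypt/argon2 (prefer argon2id in production), the work factor `PBKDF2_ROUNDS` is an assumed value, and the HS256 token code is a hand-rolled illustration of what a JWT library does, including the checks a practitioner cares about: constant-time comparison, rejecting `alg: none`, and enforcing `exp`.

```python
# Added example (not from the lesson): password hashing and a stateless
# HS256 JSON Web Token, standard library only. hashlib.pbkdf2_hmac stands
# in for bcrypt/argon2 so the code runs offline; prefer argon2id in production.
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune so one hash takes ~100 ms


def hash_password(password: str) -> str:
    """Return 'salt$digest' in hex. A fresh random salt per password defeats
    precomputed tables; the iteration count makes offline guessing slow."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(claims: dict, key: bytes, ttl: int, now: Optional[float] = None) -> str:
    """Build header.payload.signature; the server stores nothing (stateless)."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=int(now), exp=int(now) + ttl)

    def compact(obj: dict) -> bytes:
        return json.dumps(obj, separators=(",", ":")).encode()

    signing_input = f"{b64url(compact(header))}.{b64url(compact(payload))}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def verify_jwt(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature is valid and the token is unexpired,
    else None. The algorithm is checked first: never trust 'alg' from the token."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
        if header.get("alg") != "HS256":
            return None  # refuse alg=none and algorithm confusion
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None  # tampered payload or wrong key
        claims = json.loads(b64url_decode(p))
        if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
            return None  # expired (or malformed) token
        return claims
    except (ValueError, AttributeError, TypeError):  # bad base64/JSON/segment count
        return None


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print("password ok:", verify_password("correct horse battery staple", stored))
    key = os.urandom(32)
    token = issue_jwt({"sub": "alice", "role": "user"}, key, ttl=3600)
    print("claims:", verify_jwt(token, key))
```

Note what "stateless" buys and costs: the server can verify any token with just the key, but it cannot revoke one before `exp` without adding state (a denylist), which is why token lifetimes are kept short.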

Security Vocabulary

  • SQL injection — attacker-controlled input concatenated into a SQL query changes the query's meaning; the fix is parameterized queries
  • XSS (Cross-Site Scripting) — injecting attacker scripts into pages that other users view; escape output and set a Content Security Policy
  • CSRF — tricking a logged-in user's browser into sending a request the user did not intend; use anti-CSRF tokens and SameSite cookies
  • rate limiting — preventing abuse by limiting requests per client per time window
  • least privilege — give each user and service only the minimum permissions needed
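Two of the terms above, SQL injection and rate limiting, are easiest to understand side by side in code. The block below is an added example, not part of the lesson: it builds a constructed in-memory `users` table with `sqlite3`, shows the deliberately vulnerable string-built query next to its parameterized fix, and adds a small sliding-window rate limiter of the kind placed in front of a login endpoint (the limit of 5 attempts per 60 seconds and the IP addresses are assumed values).

```python
# Added example (not from the lesson): SQL-injection login bypass beside its
# parameterized fix, plus a sliding-window login rate limiter.
import sqlite3
import time
from collections import defaultdict
from typing import Dict, List, Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users with placeholder password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [("alice", "h1"), ("bob", "h2")]
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str, pw_hash: str) -> List[str]:
    """DELIBERATELY VULNERABLE: user input is pasted into the SQL text, so
    name = "' OR 1=1 --" turns the WHERE clause into 'always true'."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw_hash = '{pw_hash}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, name: str, pw_hash: str) -> List[str]:
    """Fixed: placeholders keep input as data; the query shape never changes."""
    sql = "SELECT name FROM users WHERE name = ? AND pw_hash = ?"
    return [row[0] for row in conn.execute(sql, (name, pw_hash))]


class LoginRateLimiter:
    """Allow at most `limit` attempts per `window` seconds per client key
    (typically the source IP or the target username)."""

    def __init__(self, limit: int = 5, window: float = 60.0) -> None:
        self.limit = limit
        self.window = window
        self.attempts: Dict[str, List[float]] = defaultdict(list)

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        # Drop attempts that have aged out of the window, then count the rest.
        recent = [t for t in self.attempts[key] if now - t < self.window]
        if len(recent) >= self.limit:
            self.attempts[key] = recent
            return False  # denied: caller should answer 429 Too Many Requests
        recent.append(now)
        self.attempts[key] = recent
        return True


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR 1=1 --"
    print("vulnerable:", lookup_vulnerable(conn, payload, "x"))  # every user
    print("safe:      ", lookup_safe(conn, payload, "x"))        # nobody
    limiter = LoginRateLimiter()
    print([limiter.allow("10.0.0.1") for _ in range(6)])  # five True, then False
```

The limiter keys on the client, so a brute-force attempt against one account from one address is stopped after five tries; a distributed attack needs a second limit keyed on the username, which is the same class with a different key.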

Useful Phrases

  • "We use JWT for stateless authentication across our microservices."
  • "Passwords are hashed with bcrypt, which adds a salt, before they are stored."
  • "We apply rate limiting on the login endpoint to prevent brute-force attacks."
// TERMINAL CHALLENGE

Test yourself

Q1. What is the difference between authentication and authorization?
Q2. What is a JWT used for?
Q3. What does 'hashing' a password mean?
Q4. Which attack does rate limiting help prevent?
Q5. Complete: 'We apply the ___ privilege principle — each service only has access to what it needs.'