Give an example of where session management should be used in an online application. HTTP is stateless: each web page is requested on its own, not as part of a group, and the request itself carries nothing that identifies the user. How does this change once session management is introduced? In your example, what would happen to the system without session management? Suggest how an attacker could compromise this system if session management were not used.
Give an example showing why authentication is necessary as the point of entry into an application. What type of information is being protected by authentication in this case? What levels (roles) of user can you imagine for this example? What would happen if authentication were not used in this example? Justify your answers.
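The two questions above are easier to reason about against a concrete model, so here is an added example (it is not part of the original exercise text and does not come from any particular framework). It models a tiny web back end in which every request arrives stateless, carrying at most a session cookie; a login creates a server-side session keyed by an unguessable random token with an expiry; and the session records the user's role so that an "admin" level can be enforced separately from an ordinary "user" level. The user table, the session store, the `handle_request` dispatcher and the `guessable_ids` helper are all hypothetical names constructed for this illustration. The last helper shows the failure mode the first question asks about: if the server identified returning visitors by a sequential number instead of a random token, an attacker who sees their own number can simply enumerate their neighbours' sessions.

```python
import secrets
import time

# Constructed in-memory user table for this example (not from a real system).
# Each user has a role level: "user" or "admin".
USERS = {
    "alice": {"role": "user"},
    "bob": {"role": "admin"},
}

SESSION_TTL_SECONDS = 15 * 60


class SessionStore:
    """Server-side session store: token -> {user, role, expires}.

    The browser only ever holds the token; the user identity and role live
    on the server, so a client cannot alter them by editing its cookie.
    """

    def __init__(self, ttl=SESSION_TTL_SECONDS):
        self.ttl = ttl
        self._sessions = {}

    def create(self, username, now=None):
        now = time.time() if now is None else now
        # 32 random bytes from the OS CSPRNG: unguessable, unlike a counter.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": username,
            "role": USERS[username]["role"],
            "expires": now + self.ttl,
        }
        return token

    def lookup(self, token, now=None):
        now = time.time() if now is None else now
        session = self._sessions.get(token)
        if session is None:
            return None
        if now >= session["expires"]:
            # Idle/expired sessions are dropped so a stolen token has a short life.
            self._sessions.pop(token, None)
            return None
        return session

    def destroy(self, token):
        self._sessions.pop(token, None)


def handle_request(store, path, cookie_token=None, now=None):
    """Stateless HTTP model: each request is handled on its own and the only
    thing that links it to a user is the session cookie, if one is present."""
    if path == "/public":
        return 200, "public page"
    session = store.lookup(cookie_token, now) if cookie_token else None
    if session is None:
        # Authentication is the point of entry: no valid session, no data.
        return 401, "login required"
    if path == "/account":
        return 200, f"account page for {session['user']}"
    if path == "/admin":
        # Authorization by role level, checked server-side on every request.
        if session["role"] != "admin":
            return 403, "forbidden"
        return 200, "admin console"
    return 404, "not found"


def guessable_ids(my_id, width=5):
    """Counterexample: if session ids were a sequential counter, an attacker
    who is issued my_id can enumerate the ids issued just after it."""
    return [my_id + i for i in range(1, width + 1)]


def demo():
    """Walk through the request patterns the questions ask about."""
    store = SessionStore()
    t0 = 1_000_000.0  # fixed clock so the run is deterministic
    alice = store.create("alice", now=t0)
    bob = store.create("bob", now=t0)
    return {
        "public_anon": handle_request(store, "/public", now=t0),
        "account_anon": handle_request(store, "/account", now=t0),
        "account_alice": handle_request(store, "/account", alice, now=t0),
        "admin_alice": handle_request(store, "/admin", alice, now=t0),
        "admin_bob": handle_request(store, "/admin", bob, now=t0),
        "expired": handle_request(store, "/account", alice,
                                  now=t0 + SESSION_TTL_SECONDS + 1),
        # A forged token that was never issued is indistinguishable from no session.
        "forged": handle_request(store, "/account", "1234", now=t0),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14s} -> {result}")
    print("sequential ids near 100:", guessable_ids(100))
```

Without the session layer, every request to `/account` would either be anonymous (so the application could not tell whose account to show) or would have to carry the username itself, which any client could change; with sequential ids the `guessable_ids` list is the attacker's whole reconnaissance step.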
Give an example of where passwords could be stored
safely in an online application. How would you suggest protecting them
from accidental or brute-force discovery? What other modifications
would you include to protect the passwords from compromise? Justify
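As an added illustration of the third question (this code is not part of the original exercise and is not drawn from any particular product), the following shows the storage scheme a practitioner would answer with: passwords are never stored, only a slow salted hash of them (PBKDF2-HMAC-SHA256 from the Python standard library, with a per-user random salt and a high iteration count), verification uses a constant-time comparison, unknown usernames cost the same work as known ones so timing does not reveal which accounts exist, and repeated failures lock the account to blunt online guessing. The `CredentialStore` class, the record format, the iteration count and the lockout threshold are choices made for this example, and `unsalted_sha256` is included only as the weak scheme to contrast against.

```python
import hashlib
import hmac
import os

# Cost parameters chosen for this example. Iterations are the knob that makes
# offline brute force slow; raise the count as hardware gets faster.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
MAX_FAILED_ATTEMPTS = 5


def unsalted_sha256(password):
    """The weak scheme: a single fast, unsalted hash. Identical passwords give
    identical hashes, so one dumped table exposes shared passwords and can be
    attacked with precomputed tables at billions of guesses per second."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing record "pbkdf2_sha256$iter$salt$hash" so the
    cost can be raised later without invalidating existing records."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    computed = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time compare: a plain == would leak how many leading bytes matched.
    return hmac.compare_digest(computed, bytes.fromhex(digest_hex))


# Hashed once at import; used to spend the same time on unknown usernames.
DUMMY_RECORD = hash_password("not-a-real-password")


class CredentialStore:
    """Keeps only hash records, never plaintext, and locks an account after
    too many failed attempts so online guessing cannot run unbounded."""

    def __init__(self):
        self._records = {}
        self._failures = {}
        self._locked = set()

    def register(self, username, password):
        self._records[username] = hash_password(password)

    def login(self, username, password):
        if username in self._locked:
            return "locked"
        record = self._records.get(username)
        if record is None:
            verify_password(password, DUMMY_RECORD)  # same cost as a real check
            return "bad"
        if verify_password(password, record):
            self._failures[username] = 0
            return "ok"
        self._failures[username] = self._failures.get(username, 0) + 1
        if self._failures[username] >= MAX_FAILED_ATTEMPTS:
            self._locked.add(username)
        return "bad"


def demo():
    """Exercise the store: correct login, wrong guesses, unknown user, lockout."""
    store = CredentialStore()
    store.register("alice", "correct horse battery staple")
    results = {
        "good": store.login("alice", "correct horse battery staple"),
        "wrong": store.login("alice", "wrong"),
        "unknown": store.login("nobody", "anything"),
    }
    for _ in range(MAX_FAILED_ATTEMPTS - 1):
        store.login("alice", "still wrong")
    results["after_lockout"] = store.login("alice", "correct horse battery staple")
    # Two users with the same password: identical under the weak scheme,
    # distinct under the salted one.
    results["unsalted_same"] = unsalted_sha256("hunter2") == unsalted_sha256("hunter2")
    results["salted_same"] = hash_password("hunter2") == hash_password("hunter2")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14s} -> {value}")
```

Note what the record format buys: because the iteration count is stored beside the hash, an operator can raise `PBKDF2_ITERATIONS` and rehash each user transparently at their next successful login, which is the usual answer to "what other modifications would you include".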