What is the purpose of httpOnly: true?
Prevents JavaScript access to cookies
Which attack attempts to inject malicious SQL statements into a DBMS query?
SQL Injection
Which file stores project dependencies?
package.json
What problem could occur here?
app.use ….
The session secret is weak and hence insecure
What's the primary goal of Cross-Site Scripting?
Steal or manipulate user data through injected JavaScript
An application (like our Book Management App) allows a user to click “login with Google”…. OAuth login?
Google authenticates the user and sends identity information back to the application.
function ensureAuth (req, res, next) {
…..
res.status
…
}
What happens if next() is removed from the authenticated branch?
The request may never reach the route handler
What is npm used for?
Package management
In lecture we went over the Book Management App…. What's the purpose of including this route?
Returns logged-in user information based on info included in the request
What's the purpose of next() in this middleware?
Passes control to the next middleware?
What's the potential problem with this code? The code creates a User schema?
This creates the User schema in MongoDB, but the password is stored as a raw string and not hashed.
Which of the following is the BEST defense against SQL injection in Node.js applications?
Using prepared statements/parameterized queries
What does this line do?
await Book.create(req.body)
Book is a schema, and create creates a new MongoDB document.
What's the security purpose of this line (secret: process.env.SESSION_SECRET)?
Signs and protects session cookies from tampering.
What's the difference between useState and useEffect in React?
function App() {
….
}
useState stores component data while useEffect runs side effects like fetching data
What's the main reason await is used below?
Waits for a database query to finish
Which attack tricks a logged in user into submitting an unwanted request?
CSRF