reset password
Victor
Posts: 23
Posted 12:07 Oct 12, 2018

Hi Professor.

I'm trying to make sure I understand this statement: You may use a default user for any operation that requires an authenticated user.

In my system, the user with an id of 2 is an event organizer, so when he creates an event, it's automatically approved.

Does this satisfy the instruction (default user) or do you mean that everyone creates approved events?

cysun
Posts: 2935
Posted 14:15 Oct 12, 2018

The problem is that when a request comes in, you don't know which user sent it.

In a web application, a user first needs to log in, then a session is created, and then you know subsequent requests are from this user.

In RESTful web services, there's a similar process, except that instead of a session, a token is usually used.

We haven't talked about security yet, which is why the homework didn't ask you to implement a login operation. Without login, you don't know who sent the request, but for this assignment, you can assume it's from a certain user.
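The token flow cysun describes for RESTful services, as an added example that is not part of the thread or the homework: a login operation checks the credentials once and issues a signed token, and every later request carries that token so the server can recover who sent it without a session. The user table, passwords, secret key and the HMAC-SHA256 token format are all constructed here for illustration; a real service would load the key from configuration and normally use an established token library.

```python
"""Stateless token authentication for a REST-style service.

Added example, not the course's or homework's code. The user table, the
secret key and the token format are assumptions made for illustration.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"replace-with-a-random-32-byte-secret"  # assumption: real apps load this from config
TOKEN_TTL_SECONDS = 3600


def _hash_pw(password, salt):
    """Salted PBKDF2 hash; passwords are never stored in plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000).hex()


# Constructed sample users: id 2 is the event organizer from the question.
USERS = {
    "alice": {"id": 1, "role": "user", "salt": b"s1", "pw": _hash_pw("alice-pass", b"s1")},
    "bob": {"id": 2, "role": "organizer", "salt": b"s2", "pw": _hash_pw("bob-pass", b"s2")},
}


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def login(username, password, now=None):
    """Step 1: verify credentials and issue a signed token (None on failure)."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["pw"], _hash_pw(password, user["salt"])):
        return None
    now = int(time.time()) if now is None else now
    claims = {"sub": user["id"], "exp": now + TOKEN_TTL_SECONDS}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def user_from_token(token, now=None):
    """Step 2: on every later request, recover the user id from the token alone.

    Returns None when the token is missing, malformed, tampered with or expired,
    so the caller cannot be identified.
    """
    if not token or "." not in token:
        return None
    try:
        p64, s64 = token.split(".", 1)
        payload, sig = _unb64(p64), _unb64(s64)
        expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None  # payload was altered after signing
        claims = json.loads(payload)
    except (ValueError, TypeError):
        return None
    now = int(time.time()) if now is None else now
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def create_event(token, title, now=None):
    """An operation that requires an authenticated user.

    The caller's identity comes from the verified token, never from the request
    body. Events created by an organizer are approved automatically.
    """
    uid = user_from_token(token, now)
    if uid is None:
        return {"status": 401, "error": "authentication required"}
    user = next((u for u in USERS.values() if u["id"] == uid), None)
    if user is None:
        return {"status": 401, "error": "unknown user"}
    approved = user["role"] == "organizer"
    return {"status": 201, "event": {"title": title, "owner": uid, "approved": approved}}


if __name__ == "__main__":
    tok = login("bob", "bob-pass")
    print(create_event(tok, "Kickoff"))
    print(create_event("no-token", "Kickoff"))
```

The point the post makes is visible in `create_event`: without a valid token the service has no way to know who is asking, which is why the homework lets you substitute a fixed user until login is covered.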