
Interview_SOP/ CORS/ REST/ SOAP/ cache/ proxy/load balancing

📌 SOP, CORS, XSS, CSRF, SQL injection, XML injection

✅ What is an origin? - protocol ➕ host ➕ port


✅ What is SOP? - Same Origin Policy
- resources can be shared only within the same server/same domain/same origin


✅ What are the benefits of SOP? - prevents malicious attacks such as XSS, CSRF, SQL injection


✅ What is XSS? And how can we prevent it? - Cross Site Scripting
- injecting malicious scripts into web pages
- steal data, impersonate the user, or manipulate the webpage's content
- steal cookies, session tokens, credentials

💊 input validation
💊 output encoding
💊 CSP: Content Security Policy
💊 important: cookie `HttpOnly` flag


✅ How is input validation implemented? - on form data
- filter out script tags
- remove special characters from the input, or convert them to plain characters


✅ What is CSRF? And how can we prevent it? - Cross Site Request Forgery
- web-based attack: tricks a user into performing an unwanted action on a website where they are already authenticated
- transfer funds, change passwords, or perform other actions without the user's consent

💊 CSRF token
💊 cookie `SameSite` attribute
💊 CAPTCHA


✅ What is SQL injection? And how can we prevent it? - inserting malicious SQL code
- via URL parameters, form fields, cookies, POST data, HTTP headers
- e.g. delete a user

💊 input validation
💊 sanitize user data
💊 WAF


✅ What is XML injection? And how can we prevent it? - inserting malicious XML content into a trusted site
- XML bomb
- XXE

💊 input validation
💊 sanitize user data
💊 WAF


✅ What is CORS? - Cross Origin Resource Sharing
- lets frontend and backend on different origins communicate


✅ How can we prevent a CORS error?
1. browser extension
2. proxy server
3. backend settings: add `Access-Control-Allow-Origin` to the HTTP response header


✅ What is a proxy? - sits between client and server as an intermediary
- a proxy server allows resources to be shared between different origins
- solution to the CORS error


📌 REST, SOAP

✅ What is SOAP? When is it used? - Simple Object Access Protocol
- protocol to exchange structured information
- exchanges XML messages

👍🏻 transactions, more secure
👍🏻 ACID (Atomicity, Consistency, Isolation, Durability)
👎🏻 complex messages
👎🏻 so strict! more rules.


✅ What is REST? - Representational State Transfer
- identify resources by name (URI), exchange the state of resources
- architectural style for creating APIs
- state: HTTP status code
- HTTP URI, HTTP method


✅ What is a RESTful API? What are the conditions? - an API that follows the REST architecture
- maps closely onto HTTP CRUD operations

- client-server
- statelessness
- cache
- layered system
- uniform interface
- URI
- self-descriptive message
- HATEOAS
- code-on-demand(optional)


✅ What are the REST maturity levels? - URI
- HTTP Methods
- HATEOAS
- L0: single URI, single verb
- L1: multiple URIs, single verb
- L2: multiple URIs, multiple verbs
- L3: HATEOAS


URI 🆚 URN 🆚 URL

✅ Difference between URI, URN, URL? - URI ⊃ URL, URN


✅ Why do we need URN when we have URL? - the location of the resource can change
- URL can change
- URN will remain fixed


📌 Web cache

✅ What is a web cache? What are the benefits of using a cache? - copied data kept to serve frequent requests
👍🏻 reduces network bottlenecks
👍🏻 bandwidth ⬆️


✅ What is a cache hit/miss? - cache hit: the request is found in the cache
- cache miss: do not find request in cache, need to go to original server


✅ What is cache revalidation? - checking whether the cached data is identical to the origin server's data


📌 Proxy server

✅ What is a proxy server? - intermediary between server and client
- connects applications using the same protocol


✅ Forward proxy server? - in front of the client
- exit point from client to server
- outbound traffic
- protects client information


✅ Reverse proxy server? - in front of the server
- entry point to the server
- inbound traffic - protects the server


✅ What are some functions of a proxy server? - load balancing
- security
- caching
- SSL termination
- filtering
- access control
- surrogate: reverse proxy
- content router
- transcoder
- anonymizer


Proxy 🆚 Gateway - proxy: connects applications using the same protocol
- gateway: connects applications using different protocols


Proxy 🆚 VPN - proxy: handles network traffic
- VPN: encrypts transmitted data


✅ Is a WAF a reverse proxy? - YES. It intercepts traffic before it reaches the server


📌 Load Balancing

✅ What does a layer 4 load balancer do? - routes traffic based on IPs and TCP/UDP ports
- packet-level load balancing
- unable to make routing decisions based on content, media type, localization rules
- ASIC


✅ What does a layer 7 load balancer do? - routing decisions based on IP, TCP/UDP ports, and HTTP
- makes content-based routing decisions
- acts as a proxy: holds two TCP connections (one with the client, another with the server)


📌 Request timeout

✅ Why do we use timeouts? - networks are unreliable
- set a maximum wait time on a request
- client: how long the client will wait for a response
- server: how long to keep the connection open


✅ What is a connection timeout? - how long the client will wait for a connection to be established
- maximum time allowed for establishing the TCP connection


✅ What is a write timeout? - how long the connection will wait while the client tries to send data, e.g. a POST body


✅ What is a read timeout? - the time allowed to receive the response back from the server
- maximum time allowed for the request and response to complete


This post is licensed under CC BY 4.0 by the author.