- controller
- In MVC design, the controller is in charge of things. It
processes events and decides what data to ask the model for,
manipulates the data according to the information in the event, and
decides which view to send the results to for rendering.
- CSRF
Cross-site request forgery is a
technique where a malicious website can gain access to another web
site by hijacking a session that the user currently has open to
the site. This technique can also affect identification via SSL
Certificates or anything else that the browser sends to the server
automatically when a request is made.
- Dojo
Dojo is a JavaScript toolkit that aims to be a standard library for
JavaScript. It provides a small core library with useful functions
and an expanded set of scripts that can be added that provide widgets
and other features.
- double submit
- A strategy to foil CSRF attacks. This strategy involves
sending the value of the authentication cookie (or something derivable
only from knowing the value of the authentication cookie) in the body
of the request. Since the Same Origin Policy prevents a web
site other than the one originating the cookie from reading what’s in
the cookie, the server can be reasonably assured that the request does
not originate from another website. Note that
this and other anti-CSRF measures do not protect against spoofing or
getting a user to actively click on a link on an attacked website by
mistake.
- JSON
JavaScript Object Notation is a format for
marshalling data. It is based on a subset of JavaScript that is used
to declare objects. Compared to XML, JSON is a lightweight, easily
parsed format.
- model
- In MVC design, the layer that deals directly with the data.
- Same Origin Policy
A web browser security policy that prevents one website from reading:
1) the cookies from another website
2) the response body from another website
- single sign-on
- A feature that allows one login to authenticate a user for multiple
applications. So logging into one application will authenticate you
for all the applications that support the same single-sign-on
infrastructure.
- TurboGears
A Python web framework that most of Fedora Infrastructure’s apps are
built on.
- view
- In MVC design, the layer that takes care of formatting and rendering
data for the consumer. This could be displaying the data as an HTML
page or marshalling it into JSON objects.
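
The server-side check described under "double submit", as an added example that is not part of the original glossary or any project's own code. The cookie name, form field name, SHA-256 derivation and sample requests are all assumptions made for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

COOKIE_NAME = "session_id"   # assumed name of the authentication cookie
TOKEN_FIELD = "_csrf_token"  # assumed name of the body field carrying the token


def derive_token(cookie_value: str) -> str:
    """Value derivable only by someone who knows the cookie value (assumed: SHA-256)."""
    return hashlib.sha256(cookie_value.encode("utf-8")).hexdigest()


def is_request_allowed(cookie_header: str, body: str) -> bool:
    """Double submit check: the body must carry a token that matches the cookie."""
    cookies = SimpleCookie()
    cookies.load(cookie_header)
    if COOKIE_NAME not in cookies:
        return False  # the browser sent no authentication cookie
    expected = derive_token(cookies[COOKIE_NAME].value)
    # A request without the field yields "", which never matches a digest.
    submitted = parse_qs(body).get(TOKEN_FIELD, [""])[0]
    # Compare as bytes in constant time.
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))


# Constructed sample requests (not captured traffic).
SESSION = "3f9c0a1b7e5d4c2a"
COOKIE_HEADER = f"{COOKIE_NAME}={SESSION}"
# The originating site can read its own cookie and embed the derived token.
SAME_SITE_BODY = f"amount=10&{TOKEN_FIELD}={derive_token(SESSION)}"
# Another site's form rides on the cookie but cannot read it: no token.
CROSS_SITE_BODY = "amount=10"
# A token computed from a guessed cookie value does not match either.
GUESSED_BODY = f"amount=10&{TOKEN_FIELD}={derive_token('guess')}"

if __name__ == "__main__":
    for label, body in [("same site", SAME_SITE_BODY),
                        ("cross site", CROSS_SITE_BODY),
                        ("guessed token", GUESSED_BODY)]:
        print(label, "->", is_request_allowed(COOKIE_HEADER, body))
```
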