
1 You can determine if you can seek an arbitrary stream in PHP with the ___________ function

2 To ensure that a given object has a particular set of methods, you must provide a method list in the form of an ________ and then attach it as part of your class using the ________ keyword.

Answer...
array, interface
interface, implements
interface, extends
instance, implements
access-list, instance

3 When executing system commands from PHP, what should one do to keep applications secure?

Answers: (choose 3)
Remove all quote characters from variables used in a shell execution
Avoid using shell commands when PHP equivalents are available
Hard code all shell commands
Escape all shell arguments
Escape all shell commands executed

4 When attempting to prevent a cross-site scripting attack, which of the following is most important?

Answer...
Not writing Javascript on the fly using PHP
Filtering Output used in form data
Filtering Output used in database transactions
Writing careful Javascript
Filtering all input



Please answer through the comments; I will publish them on the blog.

4 comments

Unknown said... @ Thursday, April 3, 2008 at 11:58:00 PM GMT+1

1 :
stream_get_meta_data()

2 :
interface, implements

3 :
Hard code all shell commands
Avoid using shell commands when PHP equivalents are available

still looking for the 3rd solution


4 :
Filtering all input

good luck

cheers

Stéphane
www.vediovis.com

nkhanchandani said... @ Sunday, April 27, 2008 at 4:28:00 PM GMT+1

For question 3, I think:

Hard code all shell commands
Escape all shell arguments
Escape all shell commands executed

Unknown said... @ Sunday, July 6, 2008 at 10:40:00 PM GMT+1

Question 3 - this makes sense:

Remove all quote characters from variables used in a shell execution

Avoid using shell commands when PHP equivalents are available

Escape all shell arguments

Magedev said... @ Saturday, August 22, 2009 at 9:53:00 PM GMT+1

3. I'm quite sure of:
Escape all shell arguments
Escape all shell commands executed
(see warning at http://us2.php.net/manual/en/function.system.php)
I'm not sure of 3rd answer as:
Avoid using shell commands when PHP equivalents are available
and:
Hard code all shell commands
are both valid in my opinion (from ZCE Study Guide: "When possible avoid the use of shell commands. If they are necessary, avoid the use of client input to construct dynamic shell commands")
