Thursday, February 21, 2008

PHP questions

1 You can determine if you can seek an arbitrary stream in PHP with the ___________ function

2 To ensure that a given object has a particular set of methods, you must provide a method list in the form of an ________ and then attach it as part of your class using the ________ keyword.

Answer...
array, interface
interface, implements
interface, extends
instance, implements
access-list, instance

3 When executing system commands from PHP, what should one do to keep applications secure?

Answers: (choose 3)
Remove all quote characters from variables used in a shell execution
Avoid using shell commands when PHP equivalents are available
Hard code all shell commands
Escape all shell arguments
Escape all shell commands executed

4 When attempting to prevent a cross-site scripting attack, which of the following is most important?

Answer...
Not writing Javascript on the fly using PHP
Filtering Output used in form data
Filtering Output used in database transactions
Writing careful Javascript
Filtering all input



Please answer through the comments; I will publish them on the blog.

4 comments:

  1. 1 :
    stream_get_meta_data()

    2 :
    interface, implements

    3 :
    Hard code all shell commands
    Avoid using shell commands when PHP equivalents are available

    still looking for the 3rd solution


    4 :
    Filtering all input

    good luck

    cheers

    Stéphane
    www.vediovis.com

  2. For question 3, I think:

    Hard code all shell commands
    Escape all shell arguments
    Escape all shell commands executed

  3. Question 3 - this makes sense:

    Remove all quote characters from variables used in a shell execution

    Avoid using shell commands when PHP equivalents are available

    Escape all shell arguments

  4. 3. I'm quite sure of:
    Escape all shell arguments
    Escape all shell commands executed
    (see warning at http://us2.php.net/manual/en/function.system.php)
    I'm not sure of 3rd answer as:
    Avoid using shell commands when PHP equivalents are available
    and:
    Hard code all shell commands
    are both valid in my opinion (from ZCE Study Guide: "When possible avoid the use of shell commands. If they are necessary, avoid the use of client input to construct dynamic shell commands")

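
An added PHP example (not part of the original post or its comments) showing how the options listed in question 3 behave, assuming a Unix shell with `basename` available. `$userInput` and the helper `run()` are constructed for illustration.

```php
<?php
// Added example. $userInput is constructed; it stands in for a request parameter.
$userInput = '/tmp/report.txt; echo INJECTED';

// Hypothetical helper: run a command through the shell, return its stdout lines.
function run(string $command): array
{
    $output = [];
    exec($command, $output);
    return $output;
}

// Dynamic command built from client input: the ';' ends the basename call
// and the shell runs whatever follows as a second command.
$unsafe = run('basename ' . $userInput);

// Hard-coded command with an escaped argument: escapeshellarg() single-quotes
// the value, so basename receives it as one literal argument.
$escapedArg = run('basename -- ' . escapeshellarg($userInput));

// escapeshellcmd() backslash-escapes shell metacharacters in a whole command
// string. The ';' no longer splits the command, but the value can still add
// extra arguments, so it is not a substitute for escapeshellarg().
$escapedCmd = escapeshellcmd('basename ' . $userInput);

// PHP equivalent: basename() never invokes a shell.
$native = basename($userInput);

print_r([
    'unsafe'             => $unsafe,
    'escaped_arg'        => $escapedArg,
    'escaped_cmd_string' => $escapedCmd,
    'native'             => $native,
]);
```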
