Comments on: Zend PHP5 certification Exam study review 6: Security http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/ PHP, CSS, Ajax, webdevelop and everything else. Sat, 24 Jul 2010 06:44:37 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: admin http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/comment-page-1/#comment-1586 admin Fri, 30 Jan 2009 09:07:55 +0000 http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/#comment-1586 bOro, I think another answer maybe 1). The session here maybe refer to the linux session, not the the "session" session we talk about a website? Max, for me, I will choose b and c; simply because use strip_tags can specify allowed tags. bOro, I think another answer maybe 1). The session here maybe refer to the linux session, not the the “session” session we talk about a website?

Max, for me, I will choose b and c; simply because use strip_tags can specify allowed tags.

]]> By: Max http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/comment-page-1/#comment-1584 Max Mon, 26 Jan 2009 16:08:47 +0000 http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/#comment-1584 I am puzzled by the following question: When using a function such as strip_tags, are markup-based attacks still possible? a. No, HTML does not pose any security risk b. Yes, even a HTML tag is a security risk c. Yes, attributes of allowed tags are ignored d. No, strip_tags will prevent any markup-based sttack. I am not sure about b or c. I am puzzled by the following question:
When using a function such as strip_tags, are markup-based attacks still possible?
a. No, HTML does not pose any security risk
b. Yes, even a HTML tag is a security risk
c. Yes, attributes of allowed tags are ignored
d. No, strip_tags will prevent any markup-based sttack.

I am not sure about b or c.

]]> By: b0ro http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/comment-page-1/#comment-1578 b0ro Sun, 11 Jan 2009 12:22:51 +0000 http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/#comment-1578 Hi since a while I've been searching the web to find any information about Zend Cert and I have to admit that your blog is really useful. I have a question about security. It's from a mock exam I've recently taken. I hope you could help me. So the question is: Why is it important form the security perspective to never display PHP error messages direclty to the end user, yet always log them? (choose 2) 1) Error messages will contain sensitive session information 2) Error messages can contain XSS attacks 3) Security risk involved in logging are handled by PHP 4) Error messages can contain data usefulto a potential attacker 1) - I'm not sure about it. 2) - Messages can contain info witch is useful to use during planing XSS attack but Idon't think they can contain attacks itself 3) - I don't really understand this answer. 4) - That was my answer But according to the question there should be 2 answers. Hi since a while I’ve been searching the web to find any information about Zend Cert and I have to admit that your blog is really useful. I have a question about security. It’s from a mock exam I’ve recently taken. I hope you could help me. So the question is:

Why is it important form the security perspective to never display PHP error messages direclty to the end user, yet always log them? (choose 2)

1) Error messages will contain sensitive session information

2) Error messages can contain XSS attacks

3) Security risk involved in logging are handled by PHP

4) Error messages can contain data usefulto a potential attacker

1) – I’m not sure about it.
2) – Messages can contain info witch is useful to use during planing XSS attack but Idon’t think they can contain attacks itself
3) – I don’t really understand this answer.
4) – That was my answer But according to the question there should be 2 answers.

]]> By: mescalito2 http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/comment-page-1/#comment-1414 mescalito2 Thu, 24 Jul 2008 21:17:31 +0000 http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/#comment-1414 Hi, very nice brief, well done. About the Heena's question: "A fingerprint of a string can be determined using w..." why the answer es md5??? Thank for ur attendion and wish my luck for tomorrow in my php exam. :) Hi, very nice brief, well done.

About the Heena’s question: “A fingerprint of a string can be determined using w…” why the answer es md5???

Thank for ur attendion and wish my luck for tomorrow in my php exam. :)

]]> By: admin http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/comment-page-1/#comment-1051 admin Tue, 03 Jun 2008 12:42:19 +0000 http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/#comment-1051 Answer: md5(); Answer: md5();

]]> By: Heena http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/comment-page-1/#comment-1043 Heena Mon, 02 Jun 2008 10:41:26 +0000 http://readtheweb.info/2008/01/14/zend-php5-certification-exam-study-review-6-security/#comment-1043 hi first of all thanks for your time to answer me. there is another question for you :) A fingerprint of a string can be determined using which of the following? 1> md5() 2> hash() 3> fingerprint() 4> none of the above please answer thanks hi first of all thanks for your time to answer me.
there is another question for you :)

A fingerprint of a string can be determined using which of the following?
1> md5()
2> hash()
3> fingerprint()
4> none of the above

please answer
thanks

]]>