An attacker somehow obtains an unsuspecting user’s SID and then using it to impersonate the user in order to gain potentially sensitive information. This attack is known as __________(a) session-fixation(b) session-fixing(c) session-hijack(d) session-copyI got this question in final exam.Asked question is from Session Handling-2 topic in chapter File and Session Handling in PHP of PHP

An attacker somehow obtains an unsuspecting user’s SID and then usin

1.	An attacker somehow obtains an unsuspecting user’s SID and then using it to impersonate the user in order to gain potentially sensitive information. This attack is known as __________(a) session-fixation(b) session-fixing(c) session-hijack(d) session-copyI got this question in final exam.Asked question is from Session Handling-2 topic in chapter File and Session Handling in PHP of PHP
Answer» The correct option is (a) SESSION-fixation To explain I WOULD say: The attack session fixation attempts to exploit the vulnerability of a system that allows one person to set another person’s session IDENTIFIER. You can minimize this risk by regenerating the session ID on each request while maintaining the session-specific data. PHP offers a convenient FUNCTION named session_regenerate_id() that will replace the existing ID with a new one.

Discussion

No Comment Found

Related InterviewSolutions

Which directive should we disable to obscure the fact that PHP is being used on our server?(a) show_php(b) expose_php(c) print_php(d) info_phpI had been asked this question during an internship interview.My question comes from Website Security using PHP in chapter File and Session Handling in PHP of PHP
The developers of PHP deprecated the safe mode feature as of which PHP version.(a) PHP 5.1.0(b) PHP 5.2.0(c) PHP 5.3.0(d) PHP 5.3.1The question was asked in class test.The question is from Website Security using PHP topic in chapter File and Session Handling in PHP of PHP
Say I want to change the extension of a PHP file, which of the following statements should I edit to change from .php to .html in the httpd.conf file?(a) AddType application/x-httpd-php .php(b) AddType application/x-httpd-php .asp(c) AddType application/x-httpd-asp .php(d) AddType application/x-httpd-asp .aspI got this question in an interview for job.This interesting question is from Website Security using PHP topic in section File and Session Handling in PHP of PHP
Which directive determines which degree of server details is provided if the ServerSignature directive is enabled?(a) ServerAddons(b) ServerExtra(c) ServerTokens(d) ServerDetailsThe question was posed to me during an online exam.This interesting question is from Website Security using PHP topic in chapter File and Session Handling in PHP of PHP
Which Apache directive outputs Apache’s server version, server name, port and compile-in modules?(a) ServerSignature(b) ServerName(c) ServerDetails(d) ServerInfoI have been asked this question in examination.My question comes from Website Security using PHP in chapter File and Session Handling in PHP of PHP
Suppose all web material is located within the directory /home/www. To prevent users from viewing and manipulating files such as /etc/password, which one of the following statements should you use?(a) open_dir = “/home/www/”(b) open_dir = /home/www/(c) open_basedir = /home/www/(d) open_basedir = “/home/www/”The question was asked in unit test.The query is from Website Security using PHP topic in chapter File and Session Handling in PHP of PHP
The memory_limit is only applicable if ________ is enabled when you configure PHP.(a) –enable-limit(b) -enable-memory-limit(c) –enable-memory-limit(d) -memory-limitThis question was addressed to me in an online quiz.My enquiry is from Website Security using PHP topic in portion File and Session Handling in PHP of PHP
What is the default value of max_execution_time directive? This directive specifies how many seconds a script can execute before being terminated.(a) 10(b) 20(c) 30(d) 40I had been asked this question in quiz.I'm obligated to ask this question of Website Security using PHP topic in section File and Session Handling in PHP of PHP
Which one of the following statements should be used to disable the use of two classes administrator and janitor?(a) disable_classes = “administrator, janitor”(b) disable_classes = class administrator, class janitor(c) disable_classes = class “administrator”, class “janitor”(d) disable_class = class “administrator”, class “janitor”The question was posed to me in an online quiz.Enquiry is from Website Security using PHP topic in section File and Session Handling in PHP of PHP
Which one of the following statements should be used to disable just the fopen(), and file() functions?(a) disable_functions = fopen(), file()(b) disable_functions = fopen, file(c) functions_disable = fopen(), file()(d) functions_disable = fopen, fileThis question was posed to me in my homework.My doubt stems from Website Security using PHP in division File and Session Handling in PHP of PHP

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment