2 quizzes found.

Why is it important from a security perspective to never display PHP error messages directly to the end user, yet always log them?

  1. Error messages will contain sensitive session information
  2. Error messages can contain cross site scripting attacks
  3. Security risks involved in logging are handled by PHP
  4. Error messages give the perception of insecurity to the user
  5. Error messages can contain data useful to a potential attacker

Choose 2 answers

What will the following script output?

<?php
ob_start();
for ($i = 0; $i < 10; $i++) {
echo $i;
}
$output = ob_get_contents();
ob_end_clean();
echo $ouput;
  1. 12345678910
  2. 1234567890
  3. 0123456789
  4. Nothing
  5. A notice

Choose 1 answers

Yet another question designed to see how well you recognize bugs in a script. Did you notice that, at the end of the script, the $output variable’s name is misspelled in the echo statement? The script will output a notice and, therefore, Answer 5 is correct.