5 quizzes found.

To force a user to redirect to a new URL from within a PHP 5 script, which of the following should be used?

  1. Send a HTTP "Location:" header
  2. Use the HTML <redirect> Tag
  3. Send a HTTP "Forward:" header
  4. Use the redirect() function

Choose 1 answers

During an HTTP authentication, how does one determine the username and password provided by the browser?

  1. Parse the HTTP headers manually using http_get_headers()
  2. Use the get_http_username() and get_http_password() functions
  3. Use the $_SERVER['HTTP_USER'] and $_SERVER['HTTP_PASSWORD'] variables
  4. Use the $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] variables
  5. Parse the $_SERVER['REQUEST_URI'] variable

Choose 1 answers

Consider the following function. What conditional should replace the ????? above?

function redirect($url) {
  // Check to make sure we haven't already sent
  // the header:

  if(???????) {
    header("Location: $url");
  1. !in_array("Location: $url", headers_list())
  2. !header_exists("Location: $url")
  3. !header_location($url)
  4. $_SERVER['HTTP_LOCATION'] != $url

Choose 1 answers

Under normal circumstances - and ignoring any browser bugs—how can a cookie be accessed from a domain other than the one it was set for?

  1. By consulting the HTTP_REMOTE_COOKIE header
  2. It cannot be done
  3. By setting a different domain when calling setcookie()
  4. By sending an additional request to the browser
  5. By using Javascript to send the cookie as part of the URL

Choose 1 answers

Answer B is correct. Browsers simply do not allow an HTTP transaction that takes place on one domain to set cookies for another domain. Doing otherwise would present clear security implications: for example, a malicious page on one domain could overwrite your session ID for another domain and force you to use another session to which a third party has access without your knowledge.

In an HTTPS transaction, how are URLs and query strings passed from the browser to the web server?

  1. They are passed in clear text, and the subsequent transaction is encrypted
  2. They are encrypted
  3. The URL is left in clear text, while the query string is encrypted
  4. The URL is encrypted, while the query string is passed in clear text
  5. To ensure its encryption, the query string is converted into a header and passed along with the POST information

Choose 1 answers

When an HTTPS transaction takes place, the browser and the server immediately negotiate an encryption mechanism so that any subsequent data is not passed in clear text - including the URL and query string, which are otherwise passed the same way as with a traditional HTTP transaction. Answer 2 is, therefore, correct.