Which of the following is NOT a recommended practice for secure session management?

  • Storing sensitive data in sessions
  • Using secure and HTTP-only cookies
  • Implementing session timeout
  • Generating random and unpredictable session IDs
Storing sensitive data in sessions is not a recommended practice for secure session management. Sensitive data should be stored securely on the server, and only a reference (such as a session ID) should be stored in the session. Storing sensitive data in sessions can expose it to potential session data leakage.

CSRF attacks primarily target which aspect of a web application?

  • User Sessions
  • Database Structure
  • User Credentials
  • Cross-Origin Resource Sharing (CORS)
CSRF (Cross-Site Request Forgery) attacks aim to exploit the user's active session, tricking them into performing unintended actions in an authenticated session.

You're debugging a PHP script and notice that a block of code inside an 'if' condition is always executing, even when the condition is false. Which of the following operators might be the cause of this behavior?

  • == (Equality)
  • = (Assignment)
  • === (Identity)
  • != (Inequality)
The '=' operator is used for assignment, not comparison. This results in the condition always evaluating as true, causing the code block to execute.

One method to add an extra layer of security during user authentication is called two-factor ________.

  • Authentication
  • Authorization Code
  • Verification
  • Authentication
To enhance security during user authentication, implementing "two-factor Authentication" is a recommended practice. This involves using two different methods to verify a user's identity.

The method of ensuring that data conforms to specific rules or definitions is called ________.

  • Validation
  • Sanitization
  • Normalization
  • Serialization
The process of ensuring data conforms to specific rules or definitions is called validation, which is essential for data integrity and security.

Imagine you are building an e-commerce application. When a user places an order, multiple operations like updating stock, logging order details, and processing payments are involved. Why would using transactions be beneficial in this scenario?

  • To ensure data consistency
  • To reduce database size
  • To speed up data retrieval
  • To simplify application code
Using transactions ensures that all the operations are treated as a single unit. If any part of the transaction fails, the entire transaction is rolled back, maintaining data consistency.

Which of the following headers can help in mitigating CSRF attacks?

  • Content-Type
  • X-Content-Security-Policy
  • Referrer-Policy
  • X-Requested-With
The Referrer-Policy header can help mitigate Cross-Site Request Forgery (CSRF) attacks by controlling which origins are allowed to make requests to the resource.

The path for which the cookie is valid can be set using the ________ parameter in the setcookie() function.

  • cookie.max_age
  • cookie.secure
  • cookie.expires
  • cookie.path
The 'cookie.path' parameter in the setcookie() function defines the path for which the cookie is valid, allowing for precise control over cookie scope.

In PDO, named placeholders in prepared statements start with the symbol ________.

  • :param
  • $param
  • ?param
  • @param
In PDO, named placeholders in prepared statements start with a colon (:), so they are typically written as :param.

In PHP, the ________ function is used to get the length of a string.

  • strlen()
  • count()
  • sizeof()
  • strlength()
In PHP, the strlen() function is used to determine the length (number of characters) of a string. It's particularly useful for validating input or working with text data.