To maintain a separation of concerns, servlets in MVC should not directly manipulate the __________.

  • Controller
  • Database
  • Model
  • View
To maintain a separation of concerns, servlets in MVC should not directly manipulate the Controller.

The __________ method in servlets is often used to dispatch requests to different handlers in an MVC framework.

  • doDispatch()
  • doPost()
  • init()
  • service()
The doDispatch() method in servlets is often used to dispatch requests to different handlers in an MVC framework.

In a complex web application using MVC and servlets, a new feature requires integration of a third-party service. Where should this integration primarily take place?

  • In a separate utility class
  • In the Controller
  • In the Model
  • In the View
In MVC architecture, business logic, including third-party service integration, is primarily handled in the Controller. This ensures separation of concerns and makes the application more modular.

A web application needs to redirect the user to different pages based on their role. How should this logic be implemented using servlets in MVC?

  • In the Controller
  • In the Model
  • In the View
  • Using servlet filters
The logic for redirecting users based on their role should be implemented in the Controller. The Controller handles the application's flow and decides which view to render based on the user's role.

A servlet is configured with specific initialization parameters. How does this impact the servlet's processing of requests?

  • The parameters are accessible using the getInitParameter() method within the servlet.
  • The parameters are accessible using the request.getParameter() method.
  • The parameters are automatically injected into the servlet methods.
  • The parameters are only accessible in the doPost() method.
When a servlet is configured with specific initialization parameters, these parameters can be accessed within the servlet using the getInitParameter() method, allowing customization of the servlet's behavior based on the configuration.

To mitigate DOM-based XSS attacks, one should avoid using _________ directly with user input.

  • document.write()
  • getElementById()
  • innerHTML
  • setAttribute()
Mitigating DOM-based XSS involves avoiding direct use of the innerHTML property with user input, as it can be exploited to execute malicious scripts within the DOM.

A developer is implementing CSP for the first time. What common challenges might they face?

  • Blocking Legitimate Scripts
  • Compatibility Issues with Older Browsers
  • Difficulty in Debugging
  • Increased Load Times
A developer implementing Content Security Policy (CSP) for the first time may face compatibility issues with older browsers. These issues can arise because CSP introduces security restrictions that older browser versions do not support.

Initialization parameters for a servlet are configured in the _________ file.

  • config.xml
  • initparams.xml
  • servlet.xml
  • web.xml
Initialization parameters for a servlet are configured in the web.xml file.

What is the significance of using HttpOnly cookies in the context of XSS prevention?

  • They are encrypted during transmission
  • They can only be accessed via HTTP
  • They cannot be accessed by JavaScript
  • They have a longer expiration time
HttpOnly cookies cannot be accessed by JavaScript, making them more secure against XSS attacks as malicious scripts won't have access to sensitive cookie information.

What is the key difference between Stored XSS and Reflected XSS attacks?

  • Reflected XSS involves non-persistent injection
  • Reflected XSS targets the client-side
  • Stored XSS involves persistent injection
  • Stored XSS targets the server-side
Stored XSS involves the injection of malicious scripts that persist on the target, whereas Reflected XSS involves non-persistent injection and reflects the payload back to the user.