91) What is magic quotes?
Ans : Magic Quotes is a process that automagically escapes incoming data to the PHP script. It’s preferred to code with magic quotes off and to instead escape the data at runtime, as needed. This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
92) What is cross site scripting? SQL injection?
Ans : Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts.
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
93) What is URL rewriting?
Ans : Using URL rewriting we can convert a dynamic URL to a static URL. Static URLs are known to be better than dynamic URLs for a number of reasons:
1. Static URLs typically rank better in search engines.
2. Search engines are known to index the content of dynamic pages a lot slower compared to static pages.
3. Static URLs are always friendlier looking to the end users.
Along with this, we can use URL rewriting to add variables [cookies] to the URL to handle sessions.
94) What is the major PHP security hole? How to avoid it?
Ans : 1. Never include, require, or otherwise open a file with a filename based on user input, without thoroughly checking it first.
2. Be careful with eval(). Placing user-inputted values into the eval() function can be extremely dangerous. You essentially give the malicious user the ability to execute any command he or she wishes!
3. Be careful when using register_globals = ON. It was originally designed to make programming in PHP easier (and that it did), but misuse of it often led to security holes.
4. Never run unescaped queries.
5. For protected areas, use sessions or validate the login every time.
6. If you don’t want the file contents to be seen, give the file a .php extension.
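Points 1 and 4 above, shown as an added example that is not part of the original post: an allow-list lookup for include targets, and a concatenated query beside its prepared-statement form. The function names, page files and `users` table are assumptions made for illustration, and the script expects PHP 7 or later with the pdo_sqlite extension.

```php
<?php
// Added example with constructed data; function, page and table names are hypothetical.

// Point 1: map user input onto a fixed allow-list instead of building a path from it.
function resolve_page(string $requested): string
{
    $pages = [
        'home'    => 'pages/home.php',
        'contact' => 'pages/contact.php',
    ];
    // Unknown names, including path-traversal strings, fall back to the default page.
    return $pages[$requested] ?? $pages['home'];
}

// Point 4, unsafe form (vulnerable on purpose): input becomes part of the SQL text.
function find_user_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Point 4, hardened form: the statement is fixed and the input is bound as data.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed hostile inputs of the kind the answers above describe.
$name = "nobody' OR '1'='1";
$page = '../../etc/passwd';

printf("concatenated query: %d row(s)\n", count(find_user_unsafe($db, $name)));
printf("bound parameter:    %d row(s)\n", count(find_user($db, $name)));
printf("requested page %s resolves to %s\n", $page, resolve_page($page));
```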
95) Does PHP support Microsoft SQL Server?
Ans : The SQL Server Driver for PHP v1.0 is designed to enable reliable, scalable integration with SQL Server for PHP applications deployed on the Windows platform. The Driver for PHP is a PHP 5 extension that allows the reading and writing of SQL Server data from within PHP scripts. Using the MSSQL or ODBC modules, we can access Microsoft SQL Server.