security question of ZCE exam

security question of ZCE exam

am 25.08.2009 06:07:12 von Augusto Flavio

--0016364ed56e161d790471ef7858
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hi all,



i'm discutting with my friend about this question for 30 min and i do not
agree with he. Here is the question:


Why is it important from a security perspective to never display PHP error
messages directly to the end user, yet always log them?


Answers: (choose 2)
Error messages will contain sensitive session information
Error messages can contain cross site scripting attacks
Security risks involved in logging are handled by PHP
X Error messages give the perception of insecurity to the user
X Error messages can contain data useful to a potential attacker


My answers is marked with a X.


some clue about this?


thanks



Augusto Morais

--0016364ed56e161d790471ef7858--

Re: security question of ZCE exam

am 25.08.2009 18:30:55 von Daniel Brown

On Tue, Aug 25, 2009 at 00:07, Augusto Flavio wrote:
>
> Answers: (choose 2)
> =A0 =A0Error messages will contain sensitive session information
> =A0 =A0Error messages can contain cross site scripting attacks
> =A0 =A0Security risks involved in logging are handled by PHP
> X =A0 =A0Error messages give the perception of insecurity to the user
> X =A0 =A0Error messages can contain data useful to a potential attacker
>
>
> My answers is marked with a X.
>
>
> some clue about this?

Yes, and my answers are marked with an X.

X Buy a study guide.
X Do your own homework.

--=20

daniel.brown@parasane.net || danbrown@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Case Insensativity in String Comparisons

am 25.08.2009 18:48:52 von Ben Miller

Is there a simple to way to compare two strings with case insensitivity so
that the following will return true?

$foo = "Arnold";
$bar = "arnold";

If($foo == $bar) {

}

Thanks.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Case Insensativity in String Comparisons

am 25.08.2009 18:57:16 von Eddie Drapkin

On Tue, Aug 25, 2009 at 12:48 PM, Ben Miller wrote:
> Is there a simple to way to compare two strings with case insensitivity so
> that the following will return true?
>
> $foo = "Arnold";
> $bar = "arnold";
>
> If($foo == $bar) {
>
> }
>
> Thanks.
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

http://www.php.net/manual/en/function.strcasecmp.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php