Chapter 13 Answers
- Question 13-1
Cookies should be transferred before a web page’s HTML, because they are sent as part of the headers.
- Question 13-2
To store a cookie on a web browser, use the
- Question 13-3
To destroy a cookie, reissue it with set_cookie but set its expiration date in the past.
- Question 13-4
Using HTTP authentication, the username and password are stored in
- Question 13-5
The md5 function is a powerful security measure, because it is a one-way function that converts a string to a 32-character hexadecimal number that cannot be converted back, and is therefore almost uncrackable.
- Question 13-6
When a string is salted, extra characters (known only by the programmer) are added to it before md5 conversion. This makes it nearly impossible for a brute force dictionary attack to succeed.
- Question 13-7
A PHP session is a group of variables unique to the current user.
- Question 13-8
To initiate a PHP session, use the
- Question 13-9
Session hijacking is where a hacker somehow discovers an existing session ID and attempts to take it over.
- Question 13-10
Session fixation is the attempt to force your own session ID onto a server rather than letting it create its own.