
How "tricky" is the real exam?

 
Daniel Dalton
Ranch Hand
Posts: 146
Do questions in the real exam try to "trick" you?

I've just sat a mock exam, and saw a question about "Disadvantages of URL rewriting". One of the two answers given as correct was:

The application author must ensure all URLs in all resources are encoded

and a wrong answer as:

It can allow unauthorised parties to masquerade as another user and join their session

because the same can happen with any other form of unencrypted transmission.

The notion of "disadvantage" feels subjective to me; is the real exam more black and white?
 
Rick Roberts
Ranch Hand
Posts: 59
Maybe I don't fully understand the question, but it seems to me that:

The application author must ensure all URLs in all resources are encoded

is clearly one of the disadvantages, because if you are using "URL Rewriting" then URL encoding must be taken care of by the developer, vice not having to worry about it if you were using "cookies".

The next part is not quite so clear to me, however:

It can allow unauthorised parties to masquerade as another user and join their session

This may be a little tricky, but it seems to me that this has nothing to do with "URL Rewriting" but rather with using an unencrypted channel for authentication (as you already alluded to).

And as far as:

Do questions in the real exam try to "trick" you?

I think the answer to that is YES.
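To make the "developer must encode every URL" disadvantage concrete, here is an added example that is not from the original thread or from any servlet container: a stand-in for the container's encodeURL() behaviour (session id appended as a ";jsessionid=" path parameter before the query string) plus an audit that flags links on a rendered page that were not encoded, since following such a link silently drops the user's session. The class name, the encodeURL/findUnencodedLinks helpers, the session id and the sample page are all constructed for this illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UrlRewritingCheck {

    // Hypothetical stand-in for HttpServletResponse.encodeURL(): when the client
    // did not present a session cookie, the session id is carried in the URL as
    // a path parameter (";jsessionid=...") placed before any query string.
    static String encodeURL(String url, String sessionId, boolean clientSentCookie) {
        if (clientSentCookie || url.contains(";jsessionid=")) {
            return url;
        }
        int q = url.indexOf('?');
        if (q < 0) {
            return url + ";jsessionid=" + sessionId;
        }
        return url.substring(0, q) + ";jsessionid=" + sessionId + url.substring(q);
    }

    // Audit a rendered page: every same-site href must carry the session id,
    // otherwise the next request arrives without a session and the user is
    // treated as a new visitor. External links are left alone on purpose: the
    // session id must never be appended to them.
    static List<String> findUnencodedLinks(String html) {
        List<String> missing = new ArrayList<>();
        Matcher m = Pattern.compile("href=\"([^\"]*)\"").matcher(html);
        while (m.find()) {
            String href = m.group(1);
            boolean external = href.startsWith("http://") || href.startsWith("https://");
            if (!external && !href.contains(";jsessionid=")) {
                missing.add(href);
            }
        }
        return missing;
    }

    public static void main(String[] args) {
        String sid = "CONSTRUCTED-SESSION-ID"; // constructed sample value, not a real id
        // Constructed page: the first link was passed through encodeURL(), the
        // second was hard-coded by the developer and was not.
        String page = "<a href=\"" + encodeURL("/cart?item=7", sid, false) + "\">Cart</a>"
                    + "<a href=\"/checkout\">Checkout</a>"
                    + "<a href=\"https://example.com/help\">Help</a>";
        System.out.println("Links missing the session id: " + findUnencodedLinks(page));
    }
}
```

Running this reports only the hard-coded /checkout link, which is exactly the class of mistake cookie-based tracking does not require the developer to guard against.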
 
Deepak Bala
Bartender
Posts: 6663
It can allow unauthorised parties to masquerade as another user and join their session

Why is this wrong? What if I know the value of your jsessionid cookie header?
 