Possible Errors about SelfTest (1z0-807)

 
Greenhorn
Hello everyone:
The following answer may be wrong. May I ask for some help here?

Which two measures are most effective in protecting websites from cross site scripting (XSS)
attacks?
A. Escape “<” and “>” parameters that are displayed or evaluated by the JavaScript interpreter.
B. URL-encode “<” and “>” parameters so they will never be evaluated by the JavaScript
interpreter.
C. Ensure that the session cookie is sent only on HTTPS connections.
D. Treat all user-supplied input as unsafe, and white list known good characters.
E. Execute all user-supplied scripts in a server-side sandbox.
answer: CE.

I think DE is more correct. AB is right, but not enough.
 
author & internet detective
I agree with you that D is more important than C. Without C, you don't have basic protection!
 
Neo Lo

Jeanne Boyarsky wrote: I agree with you that D is more important than C. Without C, you don't have basic protection!



Yes, C is very important for web security.
I think it's not so closely related to XSS attacks, is it?
 