Chapter 12 Answers

  1. Cookies must be sent before a web page’s HTML because they travel in the HTTP headers, and headers precede the body; in PHP that means calling setcookie before any output, including stray whitespace outside the <?php tags.

  2. To store a cookie on a web browser, use the setcookie function.

  3. To destroy a cookie, reissue it with setcookie (same name and path) but set its expiration date to sometime in the past.

  4. With HTTP Basic authentication, the username and password the browser sent are available in $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] respectively.

  5. The md5 function is a one-way function: it converts a string to a 32-character hexadecimal digest (128 bits) that cannot be directly converted back. That is why the book uses it for password storage, but it is not "uncrackable": md5 is very fast and unsalted, so an attacker who obtains the hashes can test enormous numbers of candidates per second or look them up in precomputed tables. Current PHP code should store passwords with password_hash and check them with password_verify instead.

  6. When a string is salted, extra characters are added to it before hashing (in the book’s scheme a fixed secret known only to the programmer, which is strictly a "pepper"; a salt proper is random per user and stored alongside the hash). Either way a precomputed dictionary or rainbow-table attack no longer works, because the tables were built for unsalted inputs. Salting does not slow down a brute-force attack by someone who has the salt, which is why a deliberately slow hash such as the one password_hash uses matters as well.

  7. A PHP session is a group of variables, held on the server in $_SESSION, that is unique to the current user and is looked up by the session ID the browser presents.

  8. To initiate a PHP session, use the session_start function.

  9. Session hijacking is when an attacker obtains an existing user’s session ID (for example by sniffing an unencrypted connection or stealing the cookie through cross-site scripting) and presents it to the server to take over that session.

  10. Session fixation is when an attacker chooses a session ID in advance and forces it onto a victim (for example by sending a link that carries the ID in the URL) rather than letting the server issue one; once the victim logs in under that ID, the attacker knows the ID of an authenticated session. Regenerating the ID with session_regenerate_id after login, and accepting IDs only from cookies, defeats it.
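
The following script is an added example, not code from the book, that puts the ten answers above into one working page: cookies set and deleted before any output, Basic authentication checked against a password_hash digest instead of md5, and a session that is hardened against fixation and given a simple hijacking check. It assumes PHP 7.3 or later (for the array form of setcookie and session_set_cookie_params), a site served over HTTPS, and a hypothetical in-memory $users table standing in for a database.

```php
<?php
// Added example (not from the book). Assumes PHP 7.3+ and HTTPS.
// Hypothetical user store: a real application would read this from a database.
// password_hash() produces a salted, deliberately slow hash (bcrypt by default),
// which is what answers 5 and 6 recommend over md5() plus a home-made salt.
$users = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

// Answers 1-3: cookies are HTTP headers, so setcookie() must run before any output.
// Secure limits the cookie to HTTPS; HttpOnly keeps JavaScript from reading it.
setcookie('theme', 'dark', [
    'expires'  => time() + 60 * 60 * 24 * 30,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
// Deleting a cookie = reissuing it with the same name and path and a past expiry.
if (isset($_GET['reset'])) {
    setcookie('theme', '', ['expires' => time() - 3600, 'path' => '/']);
}

// Answer 4: with HTTP Basic authentication the browser's credentials land here.
$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';
if ($user === null || !isset($users[$user]) || !password_verify($pass, $users[$user])) {
    header('WWW-Authenticate: Basic realm="Restricted"');
    http_response_code(401);
    exit('Authentication required');
}

// Answers 7-10: sessions. Cookie-only IDs plus strict mode reject an ID an
// attacker smuggled in via the URL (fixation); regenerating the ID at login
// makes any ID the attacker knew beforehand worthless.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();

$uaHash = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
if (empty($_SESSION['user']) || $_SESSION['user'] !== $user) {
    session_regenerate_id(true);      // issue a fresh ID and delete the old one
    $_SESSION['user']    = $user;
    $_SESSION['ua_hash'] = $uaHash;   // weak binding used below as a hijacking check
} elseif ($_SESSION['ua_hash'] !== $uaHash) {
    // Same ID, different client fingerprint: treat as a possible hijack.
    session_unset();
    session_destroy();
    exit('Session check failed');
}

echo 'Hello, ' . htmlspecialchars($user)
   . ' (theme: ' . htmlspecialchars($_COOKIE['theme'] ?? 'default') . ')';
```

The User-Agent binding is only a speed bump, since an attacker who stole the cookie can usually copy the User-Agent too; the real defenses against hijacking here are the Secure and HttpOnly flags and serving everything over HTTPS. Note also that the theme cookie set in this response only appears in $_COOKIE on the browser's next request.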
