Re: [PHP] security question of ZCE exam

2009-08-25 Thread Daniel Brown
On Tue, Aug 25, 2009 at 00:07, Augusto Flavio <afla...@gmail.com> wrote:

 Answers: (choose 2)
    Error messages will contain sensitive session information
    Error messages can contain cross site scripting attacks
    Security risks involved in logging are handled by PHP
 X    Error messages give the perception of insecurity to the user
 X    Error messages can contain data useful to a potential attacker


 My answers are marked with an X.


 Any clue about this?

Yes, and my answers are marked with an X.

X Buy a study guide.
X Do your own homework.

-- 
/Daniel P. Brown
daniel.br...@parasane.net || danbr...@php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at
http://twitter.com/pilotpig

--
PHP General Mailing List (http://www.php.net/)



[PHP] security question of ZCE exam

2009-08-24 Thread Augusto Flavio
Hi all,



I've been discussing this question with my friend for 30 min and I do not
agree with him. Here is the question:


Why is it important from a security perspective to never display PHP error
messages directly to the end user, yet always log them?


Answers: (choose 2)
Error messages will contain sensitive session information
Error messages can contain cross site scripting attacks
Security risks involved in logging are handled by PHP
X Error messages give the perception of insecurity to the user
X Error messages can contain data useful to a potential attacker


My answers are marked with an X.


Any clue about this?


Thanks



Augusto Morais
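
The practice the exam question names (errors never displayed to the end user, always logged), as an added PHP example that is not part of the original thread. The log path, the reference-id scheme and the sample file path are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Log path, reference ids and the
// sample file path below are assumptions chosen for illustration.

// Normally set in php.ini; repeated here so the script is self-contained.
ini_set('display_errors', '0');   // never render errors into the response
ini_set('log_errors', '1');       // always record them server-side
ini_set('error_log', sys_get_temp_dir() . '/app-errors.log'); // assumed path
error_reporting(E_ALL);

// Turn warnings and notices into exceptions so one handler sees everything.
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    if (!(error_reporting() & $no)) {
        return false;             // respect @-suppression and the configured level
    }
    throw new ErrorException($msg, 0, $no, $file, $line);
});

// Full detail goes to the log; the caller gets back only an opaque reference.
function report_failure(Throwable $e): string
{
    $ref = bin2hex(random_bytes(6));
    error_log(sprintf('[%s] %s: %s in %s:%d', $ref, get_class($e),
        $e->getMessage(), $e->getFile(), $e->getLine()));
    return $ref;
}

set_exception_handler(function (Throwable $e): void {
    $ref = report_failure($e);
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    // Generic text only: no message, path, or stack trace reaches the client.
    echo "An internal error occurred. Reference: {$ref}\n";
});

// Constructed failure: the warning text includes the server-side file path,
// the kind of detail that belongs in the log and not in the response.
function load_report(string $path): string
{
    return file_get_contents($path); // emits a warning when the file is missing
}

load_report('/var/www/app/reports/q3_payroll.csv'); // constructed path
```

Fatal errors such as parse errors never reach these handlers, so the `display_errors` and `log_errors` settings themselves remain the baseline control; the reference id lets support staff find the matching log entry.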