Free Practice Exam - MCPD 70-562
Question 5
As part of an ongoing project for the HR department, you have created a web application that allows ex-employees to view their tax returns online. Ex-employees can see how much tax they paid during a certain period and print off copies. The application contains a page called ViewDetails that shows tax payments based on the following query string parameters: FromDate, ToDate and EmployeeId. Your manager has reviewed the code and made a serious security recommendation. Which one of the following have they recommended?
Do not use query strings for the EmployeeId value. Instead use cookies
Do not use query strings for the EmployeeId value. Instead use Session State
None of these
Do not use query strings for the EmployeeId value. Instead use Application State
The correct answer is: Do not use query strings for the EmployeeId value. Instead use Session State. If the EmployeeId is in the query string, it can be changed by hackers (or sneaky ex-employees) trying to view information for other employees. Using Session State ensures that once the user is logged in, their EmployeeId is stored in memory on the server and cannot be manipulated.
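The fix described in the answer, as an added example that is not part of the original exam page: a code-behind for ViewDetails that reads EmployeeId from Session State instead of the query string. The login page, connection string name, table and column names are assumptions, and the code uses current C# syntax.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Web.UI;

// Code-behind for ViewDetails.aspx (added example; names marked below are assumptions).
public partial class ViewDetails : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Vulnerable pattern from the question: the URL decides whose data is read.
        //   int employeeId = int.Parse(Request.QueryString["EmployeeId"]);
        // Hardened: the login page stored the id in Session State after authentication.
        if (!(Session["EmployeeId"] is int employeeId))
        {
            Response.Redirect("~/Login.aspx", true); // hypothetical login page
            return;
        }
        // Assumption: the dates stay in the URL because they only filter the
        // caller's own rows; they are still parsed strictly before use.
        if (!TryDate(Request.QueryString["FromDate"], out DateTime fromDate) ||
            !TryDate(Request.QueryString["ToDate"], out DateTime toDate) || fromDate > toDate)
        {
            Response.StatusCode = 400;
            Response.End();
            return;
        }
        DataTable payments = LoadPayments(employeeId, fromDate, toDate); // bind to the page's grid
    }

    private static bool TryDate(string raw, out DateTime value) =>
        DateTime.TryParseExact(raw, "yyyy-MM-dd", CultureInfo.InvariantCulture, DateTimeStyles.None, out value);

    // Hypothetical connection string name, table and columns; the id is a bound parameter.
    private static DataTable LoadPayments(int employeeId, DateTime fromDate, DateTime toDate)
    {
        string cs = ConfigurationManager.ConnectionStrings["Hr"].ConnectionString;
        using (var da = new SqlDataAdapter("SELECT PaidOn, Amount FROM TaxPayments " +
            "WHERE EmployeeId = @id AND PaidOn BETWEEN @from AND @to", cs))
        {
            da.SelectCommand.Parameters.AddWithValue("@id", employeeId);
            da.SelectCommand.Parameters.AddWithValue("@from", fromDate);
            da.SelectCommand.Parameters.AddWithValue("@to", toDate);
            var table = new DataTable();
            da.Fill(table);
            return table;
        }
    }
}
```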
Free practice exams are provided free of charge by Accelerated Ideas. Please respect our exams and do not reproduce our material or abuse the testing system. Thank you. Microsoft exams for MCPD, MCTS, MCP, MCSE, MCSA, MCAD, MCSD