Student ID No: _________________
UNIVERSITY OF TASMANIA
Pages: 8 Questions: 20
EXAMINATIONS FOR DEGREES AND DIPLOMAS June 2018
KIT202 Secure Web Programming
First and Only Paper Ordinary Examination
Examiners: Soonja Yeom and Amanda Lunt
Time Allowed: TWO (2) hours Reading Time: FIFTEEN (15) minutes
Instructions:
The total for this examination is 120 marks. Attempt ALL questions of both Section A and Section B.
SECTION A
Attempt ALL questions from Section A. Each question is worth 5 marks. This section is worth 80 marks, or 70% of the examination.
Question 1.
What is a protocol? Provide a simple definition of it with two relevant examples from the unit. Briefly explain the main functions of each of them.
[5 marks]
Question 2.
The Hypertext Transfer Protocol (HTTP) handles communications between server and client. A diagram of the HTTP message structure is presented below. Explain the key tasks/roles of each part with examples.
Figure 2: HTTP structure
Question 3.
Describe two advantages of using the shorthand method of the AJAX function of jQuery.
[5 marks]
Question 4.
Describe “cross-browser issues” and “method chainability”. Discuss briefly their pros and cons.
[5 marks]
Question 5.
Describe the difference between static and dynamic web pages as they function in a traditional client-server model.
[5 marks]
Question 6.
Write pseudo code for password validation in a form. The password requires 6-8 characters, must contain at least one numeric value, and at least one letter.
[5 marks]
[5 marks]
Question 7.
The following is based on the table called classics (Figure 7).
a. Write a MySQL command to insert a new entry with ‘Jeremy, Spooky Story, Fiction, 2015’ into the table.
[2 marks]
b. Write a MySQL command to show the contents of the table.
[1 mark]
c. Write a MySQL command that changes the table by adding another column called ISBN, with an integer type and a size of 13.
[2 marks]
Figure 7 The structure of the table, classics.
Question 8.
The contents of the first two columns of the table, classics, are listed below (Figure 8):
Figure 8 Table classics
a. Write a MySQL command to display the names of all authors only once as below.
Figure 8-a The result of your command
[2 marks]
b. ISBN is to be identified as the table’s primary key. Write a MySQL command that performs this change, as shown in Figure 8-b.
Figure 8-b The result of your command when the table is described.
Question 9.
Encryption reduces the possibility that the content of a message is revealed in transit, but it does not address tampering and misrepresentation.
a. Briefly explain the meaning of tampering and misrepresentation.
b. What technique can protect against this?
[1 mark]
c. Describe this technique in detail, identifying all the algorithms involved.
Question 10.
Explain the use of two superglobal variables, $_POST and $_GET, in the code snippet below. When would you recommend using each? Why?
Figure 10
[3 marks]
[1 mark] [3 marks]
Question 11.
Caution is needed when allowing users to leave comments on our web site (Figure 11). What risks do we need to mitigate against? What solutions do you suggest?
[5 marks]
Figure 11
Question 12.
What is the DOM? Why is this important for us when working in the web development environment? Provide a programming example of the use of the DOM.
[5 marks]
Question 13.
Provide two examples of useful activities that can only be achieved using client-side scripting. Are there any disadvantages to using client-side scripting in contrast to server-side scripting? Explain your answer.
[5 marks]
Question 14.
What is the output of the following code snippet (Figure 14)?
Figure 14
[5 marks]
Question 15.
What is the difference between session and cookie? Explain in detail with examples.
[5 marks]
[5 marks]
Question 16.
An HTML page has been created as below (Figure 16-a)
Figure 16-a
Write CSS rules to achieve the output below. The heading background colour is #B0C4DE. The heading itself and the solid underline use another colour, #000080. The main paragraph uses “Arial” font. (Figure 16-b)
Figure 16-b
[5 marks]
SECTION B – APPLIED QUESTIONS
Attempt ALL questions from Section B. Each question is worth 10 marks. This section is worth 40 marks, or 30% of the examination.
Question 17.
The page pictured below is from a web-based catalogue application for librarians (Figure 17). Evaluate this page in terms of design as well as its potential functionalities. Discuss both positive and negative aspects. What would you suggest to improve its design and/or its functionalities?
Figure 17 Output of a web page
[10 marks]
Question 18.
How do digital signatures work? Describe the techniques/algorithms that are involved in this process. What are the purposes/main goals for using these techniques/algorithms?
[10 marks]
Question 19.
This question concerns “State Management” with the Guest Book example (Figure 19).
a. HTTP transactions are said to be stateless. What does stateless mean? What weakness is caused by being stateless?
b. session_start() is a PHP function. Briefly explain what this does and where you would expect to see calls to this function.
[4 marks]
c. How do programmers store values in the $_SESSION variable? Write code that would do the following:
• Store an element with the key ‘mode’ and the value ‘edit’
• Store an element with the key ‘username’ and the value ‘jsmith’
Figure 19 Example of State Management
[4 marks]
[2 marks]
Question 20.
Two-way communication between client and server is a classic model for web sites. However, there is a newer model that uses a technique to download data from a server without reloading your page. What is this technique? Explain how it works, listing all the technologies involved with this technique. What problems with web pages can be overcome using this technique?
[10 marks]
End of Examination