Question: 1. (20) Consider an e-commerce web application. The following code excerpt is from a web page that enables a customer, after logging in, to view

1. (20) Consider an e-commerce web application. The following code excerpt

1. (20) Consider an e-commerce web application. The following code excerpt is from a web page that enables a customer, after logging in, to view his/her invoices. Assume the schema for database table "invoices" is the following: "invoces(id, userid, item, qty, unitPrice, shippingAddress, orderDate]". Fields id, userid, item, and shippingAddress of of type string Public class DisplayInvoice extends HttpServiet ( Public void doPost(HttpServietRequest, request, HttpServietResponse response) //user must be logged in to view invoices String userid request.getSession).getAttributef"userid'"); f (userids enull) ( B. Throw new NotLoggedinExceptionC"User must be loggined" String a fequest String querySELECT FROM invoices WHERE id++ Statement snta connection.createtatement); celD"); Il code to display rs (a) Would a static analysis tool flag it as having a potential vulnerability, if so what type of static analysis will find this vulnerability? (b) This problem contains a vulnerability that cannot be detected by generic static analysis. Please correct the problem. 1. (20) Consider an e-commerce web application. The following code excerpt is from a web page that enables a customer, after logging in, to view his/her invoices. Assume the schema for database table "invoices" is the following: "invoces(id, userid, item, qty, unitPrice, shippingAddress, orderDate]". Fields id, userid, item, and shippingAddress of of type string Public class DisplayInvoice extends HttpServiet ( Public void doPost(HttpServietRequest, request, HttpServietResponse response) //user must be logged in to view invoices String userid request.getSession).getAttributef"userid'"); f (userids enull) ( B. Throw new NotLoggedinExceptionC"User must be loggined" String a fequest String querySELECT FROM invoices WHERE id++ Statement snta connection.createtatement); celD"); Il code to display rs (a) Would a static analysis tool flag it as having a potential vulnerability, if so what type of static analysis will find this vulnerability? (b) This problem contains a vulnerability that cannot be detected by generic static analysis. Please correct the

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

answer the question clearly You are building a flight-control system for which a convincing safety case must be made. Would you assign the tasks of safety requirements engineering, test case...

Southwest Bankers, Inc. (not it's real name) through its subsidiaries, provides financing for industrial and commercial properties, for interim construction related to industrial and commercial...

web project Palestinian Best Food Store (PBFS), is an online food store that sales authenticated Palestinian Food, such as Zater, Olive Oil, Sage, ets. Also sales pre-packaged Palestinian meals such...

CHAPTER 1 THE BUSINESS AND SOCIETY RELATIONSHIP BUSINESS & SOCIETY Title ISBN Business and Society Archie B. Carroll; Ann K. Buchholtz 978-1-285-73429-3 Publisher Cengage Learning Author FOCUS OF THE...

i want help with my project , here is my project , can you write the part of ( add Task and Search ) plzz in web ... plzz asab and precisely IMPORTANT NOTES - You should not in any case use any...

I've attached the assignment as a word file, thanks! JWCL165_c07_304-355.qxd 7/31/09 2:05 PM Page 304 7 Fraud, Internal Control, and Cash Chapter STUDY OBJECTIVES After studying this chapter, you...

Describe the types of cybercrimes facing organizations and critical infrastructures, explain the motives of cybercriminals, and evaluate the financial Explain both low-tech and high-tech methods...

Prototype Functionality Business Rules and Role Access The prototype is to implement the business rules in the table below, and restrict access to these by user role, also specified in the table. The...

Assignment Overview In the real-world, your job as a software engineer is to solve unsolved problems. Below, you will find details of a desired software application for which a solution does not yet...

Need ONLY an answer to Part C, step 1, questions 1 and 3. Term Project Part A: Understanding Financial Statements Locate and use an annual report STEP 1: The Company Assigned to you Find the most...

Let C = [Cij] be an n x n positive definite symmetric matrix and let V be an n-dimensional vector space with ordered basis S = {u1, u2,... un}. For v = a1u1+ a2u2+...+anun and w = b1u1+b2u2+ ... +...

Q1: You bought a small cap, illiquid stock 6 months ago, paying $1,734.55 per share. Two weeks ago, due to some unexpected financial pressures, you needed to sell the stock, with some urgency. You...

In a business combination, the valuation of goodelli is a calcuiation: A . To offlot the berpsin purchese coet. B . Of all of the unlimiled - Me intangible assets. C . Of the reslduat pald abowe the...

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

=+ 3. Water is necessary for life. Is the marginal benefit of a glass of water large or small?

=+ Describe an incentive your parents offered to you in an effort to influence your behavior.

=+What kinds of problems need to be overcome?