SI110 Spring AY13 choose one: (or more) Alpha:___________ □ Received no help Homework: Name:________________________________ Page 1 of 2 □ Received help from: □ Collaborated with:________________________________________ /SI110/The Cyber Battlefield/Server-Side Scripting 1. A webpage on www.fropjop.com has a form that allows user input to enter data. Entering data results in a script being executed that depends on this data. The script loops forever (infinite loop) if the user provides bad input. Who gets harmed by the bad input: the user who entered the data, or the webserver owner of the www.fropjop.com, if the script is ... 5/4/3/0 a. ... "client-side" ? Circle one: user webserver owner b. ... "server-side" ? Circle one: user webserver owner 2. Fill in the missing pieces of the HTML below, based on the following: You go to the page, enter John in the first box, enter Doe in the second box, then press the "Look Up Name" button, which results in the following URL being visited: http://rona.cs.usna.edu/gungnam.jsx?fst=John&lst=Doe <html> <head></head> <body> <form name="lookup" onsubmit="return false" action=" First Name: <input type="text" name=" Last Name: <input type="text" name=" "> "> "> 30 / 24 / 18 / 0 <input type="button" onclick="submit()" value="Look Up Name"> </form> </body> </html> 3. Go to the URL: http://rona.cs.usna.edu/~si110/lec/l13/stfin.html , enter some numbers, and click the “process” button. Normally, you get a nice message that your input has been processed. It so happens that the server script that the form submits to will crash and cause a server error if it receives -999 for both input values. For that reason, stfin.html does some client-side input validation to ensure that it never submits -999 for both values. Find a way to submit -999 to this server side script none the less! a. What is displayed in your browser when this happens. b. Describe exactly what you did to send this bad input to the server despite stfin.html’s input validation. 10 / 0 / 0 / 0 20 / 15 / 10 / 0 SI110 Spring AY13 Alpha:___________ Name:________________________________ Page 2 of 2 4. Consider this HTML file: <html> <head></head> <body> <form name="login" onsubmit="return false" action="http://rona.cs.usna.edu/cgi/validate.jsx" method="get"> Username: <input type="text" name="usrn" > Password: <input type="password" name="pswd"> <input type="button" value="login" onclick="submit()"> </form> </body> </html> a. You enter username "jonesy", the password "egbdf88", and press the "login" button. What URL gets visited as a result? 15 / 12 / 8 / 0 b. Even assuming there’s nobody and no camera looking over your shoulder, why is it that submitting a password to a website using forms and the "get" method like this puts your password in danger? 15 / 12 / 8 / 0 5. The URL http://rona.cs.usna.edu/~wcbrown/hwss.cgi is a server-side script. Unlike what we saw in class, rona won’t show you this script (you get an error message when you click on the above link), though it will let you execute it. The script expects a single input named alpha that, not surprisingly, should be your alpha code. If you call the script successfully, it will return a short message for you. Get the secret message for your alpha code! 5/0/0/0 Page 2 of 2