1hls ls CSS0.

narvard Co||ege lall 2011

0 < 16
u|z 1
out of 97 po|nts


r|nt your name on the ||ne be|ow.



uo noL Lurn Lhls page over unLll Lold by Lhe sLaff Lo do so.

1hls qulz ls "closed-book." Powever, you may uLlllze durlng Lhe qulz one Lwo-slded
page (8.3" ! 11") of noLes, Lyped or wrlLLen, and a pen or pencll, noLhlng else.

Scrap paper ls lncluded aL Lhls documenL's end.
unless oLherwlse noLed, you may call any funcLlons we've encounLered Lhls Lerm ln code LhaL you wrlLe.
Un|ess otherw|se noted, no more than two sentences are expected for short answers.
If runn|ng short on t|me, you may resort to pseudocode for potent|a| part|a| cred|t.

C|rc|e your teach|ng fe||ow's name.

Alex Chang
Alex Pugon
Andrew Wang
Ashln Shah
8annus van der klooL
8o Pan
8ob klnney
Cheng Puang
Cragln Codley
uan 8radley
uoug Lloyd
!ack Creenberg
!ason Plrschhorn
!enny ?e
!lmmy Sun
!ohn Lee
!ordan !ozwlak
!oseph Cng
!oshua Lee
!ulla MlLelman
!ulle Zhang
karen xlao
kenny ?u
kevln Zhang
Larry LhrhardL
Levl 8oLh
Lexls 8oss
MarLa 8rallc
MaLLhew CharLler
Mellssa nlu
Mlchael Chen
Mlchael 1lngley
Mlchelle Luo
naoml 8oloLln
neal Wu
aLrlck 1hornycrofL
aul 8owden
aul Pandorff
eLer Pung
8.!. Aqulno
8ob 8owden
SebasLlan lerce-uurance
Sophle Chang
SLeven 1rlcanowlcz
1ommy MacWllllam
1ony Po
1ravls uowns
vanessa 1an
Wellle Chao
?acoub kureh
Zak 8urke
1hls ls CSS0.
narvard Co||ege lall 2011
1 < 16







for staff use on|y
!
"#$%&!'()*+!),-!)"!./!
!"#$%#$%!"#$&%
%&'(&')*!+,,-.-*'())%*+,,*
*%-%,.%
/0+1*2+3'*4-5-6**
%
+&% /+%01#23$&4%%567589%:88%!;9%<=>?9@A&%
%
% % %
% % %
%
%
7'3-*+'*8&,9-6*
*
'1B%C(D"%1E%3"C%$3(3CFC23$%GC)1HI%D#BD)C%!%#E%3"C%$3(3CFC23%#$%3BJC%1B%'%#E%3"C%$3(3CFC23%#$%E()$C&%
%
,&% !% !% /+%01#23$&4%%?(K#L%"($%<1HLC2%'CKCB&%
*&% !% '% /,%01#23&4%%;!!M%M=A!$%(BC%F1BC%$CDJBC%3"(2%;!!M%N9!$%GCD(J$C%3"C%E1BFCB%(BC%%
% % % C2DBO03CL&%
P&% !% '% /,%01#23&4%%>"CBC($%5%0B1QB(F$%D(2%GC%CRCDJ3CL%(3%(%D1FF(2L%)#2CI%M;M%0B1QB(F$%FJ$3%%
% % % GC%CRCDJ3CL%GO%(%HCG%$CBKCB&%
S&% !% '% /,%01#23&4%%;!T8%#$%(%0B1QB(FF#2Q%)(2QJ(QCI%H"CBC($%5AA%#$%213&%
U&% !% '% /,%01#23&4%%;JEEF(2%D1L#2Q%J3#)#VC$%G#2(BO%3BCC$%31%D1F0BC$$%:A566%E#)C$&%
%
%
%
%
%
%
%
%
%
:+'*9;&::*39-*+0,<*
%
%%%%%%=*
%
1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
3 < 16
>;;&?@A*

6. (2 polnLs.) Pow can a programmer mlnlmlze Lhe probablllLy of a buffer-overflow aLLack?







7. (2 polnLs.) Pow can a user mlnlmlze Lhe probablllLy of a sesslon-hl[acklng aLLack?







*
B&991+')9C*!"#6*
*
8. (1 polnL.) Why should daLabases noL sLore users' passwords ln clearLexL?






9. (2 polnLs.) WhaL's a one-way hash?






10. (2 polnLs.) Suppose LhaL one-way hashes of users' passwords are sLored ln some webslLe's
daLabase raLher Lhan Lhe passwords Lhemselves. Lxplaln Lhe process by whlch Lhe webslLe can
noneLheless auLhenLlcaLe a user upon submlsslon of hls or her password.






:+'*9;&::*39-*+0,<*

=*

1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
4 < 16
!"#$*";&?@6*

Suppose LhaL a sLack for (non-negaLlve) lnLegers has been declared globally per Lhe below, where
CAPACITY ls Lhe maxlmum number of lnLegers LhaL can be ln Lhe sLack, and size ls Lhe number of
lnLegers currenLly ln Lhe sLack.

struct
{
int numbers[CAPACITY];
int size;
}
stack;

Assume LhaL stack has been lnlLlallzed (!"#", ln main) per Lhe below.

stack.size = 0;

11. (4 polnLs.) CompleLe Lhe lmplemenLaLlon of pop, below, ln such a way LhaL Lhe funcLlon pops
($"!", removes and reLurns) Lhe int aLop Lhe sLack. (1o remove Lhe int, lL sufflces Lo "forgeL" lL,
you needn'L overwrlLe lLs blLs.) lf stack ls empLy, pop should lnsLead reLurn -1.

int
pop(void)
{










12. (4 polnLs.) CompleLe Lhe lmplemenLaLlon of push, below, ln such a way LhaL Lhe funcLlon pushes
($"!", adds) n on Lo Lhe Lop of stack and Lhen reLurns true. lf stack ls full or n ls negaLlve, push
should lnsLead reLurn false.

bool
push(int n)
{





:+'*9;&::*39-*+0,<*

=*

1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
3 < 16
13. (2 polnLs.) 8ecall LhaL a queue can be declared qulLe llke a sLack, wlLh Lhe addlLlon of one fleld,
head, LhaL sLores Lhe lndex of Lhe int aL Lhe head ($"!", fronL) of Lhe queue, as ln Lhe below.

struct
{
int head;
int numbers[CAPACITY];
int size;
}
queue;

Why ls head advanLageous for queue buL noL for stack?

*
*
*
*
*
*
*
*
*
7'D-*;E-9-6*

14. (2 polnLs.) WhaL's one advanLage of uslng a Lrle Lo sLore a dlcLlonary of Lngllsh words?*









13. (2 polnLs.) WhaL's one dlsadvanLage of uslng a Lrle Lo sLore a dlcLlonary of Lngllsh words?*

*
:+'*9;&::*39-*+0,<*

=*

!"#$%#$%CSS0&%
narvard Co||ege '())%*+,,
.%-%,.%
Des|gn Dec|s|ons.%
%
'1B%C(D"%0(#B%GC)1HI%%%KCB$J$%&I%(BQJC%H"C2%O1J%$"1J)L%J$C%%%1KCB%&%/1BI%#E%O1J%0BCECBI%&%1KCB%%4&%
%
,.&% /*%01#23$&4%%'%KCB$J$%()(*
%
%
%
%
%
%
,Z&% /*%01#23$&4%%+,-,./0$12%KCB$J$%()(*
%
%
%
%
%
%
,\&% /*%01#23$&4%%34/,3*-,0$,53!%KCB$J$%#345,3*-,0$,53!*
%
%
%
%
%
%
%
$ no, |t's Cmega aga|n.

,^&% /,+% 01#23$&4% % 51F0)C3C% 3"C% 3(G)C% GC)1H% GO% $0CD#EO#2Q% )1HCB% /b4% (2L% J00CB% /64% G1J2L$% E1B% C(D"%
()Q1B#3"F&% % :$$JFC% 3"(3% C(D"% L(3(% $3BJD3JBC% ()BC(LO% D123(#2$% 7% $3B#2Q$% (2L% 3"(3% C(D"% $3B#2Q% #$% 1E%
)C2Q3"%21%QBC(3CB%3"(2%$1FC%D12$3(23&%
%
|ower (u) upper ($)
#2$CB3#12%#231%(%hash tab|e w|th separate cha|n|ng%% * %
#2$CB3#12%#231%(%tr|e% % %
#2$CB3#12%#231%(%sorted ||nked ||st% % *
LC)C3#12%EB1F%(%sorted ||nked ||st% * %
LC)C3#12%EB1F%(2%unsorted ||nked ||st% * %
%
for staff use on|y
%
%%%%%%-
%
!"#$%#$%!"#$&%
%&'(&')*!+,,-.-*'())%*+,,*
Z%-%,.%
7++*53?E*;+*E&0),-6%
%
512$#LCB% 3"C% )#2C% 1E% c(K(ADB#03% D1LC% GC)1HI% H"CBC% xhr% #$% (2% 1G[CD3% 1E% 3O0C% XMLHttpRequest% (2L%
handler%#$%3"C%2(FC%1E%(%EJ2D3#12%LCE#2CL%C)$CH"CBC&%
%
xhr.onreadystatechange = handler;
%
*+&% /*%01#23$&4%%62%3"C%D123CR3%1E%:[(RI%CR(D3)O%H"(3%L1C$%3"#$%)#2C%1E%D1LC%L1Y%
%
%
%
%
%
%
%
%
%
*,&% /*%01#23$&4%%>"(3%H1J)L%GC%3"C%CEECD3%#E%HC%#2$3C(L%HB13C%3"(3%)#2C%H#3"%(%0(#B%1E%0(BC23"C$C$%B#Q"3%
(E3CB%handlerI%($%#2%3"C%GC)1HY%
%
xhr.onreadystatechange = handler();
%
%
%
%
%
%
%
%
%
%
**&% /P% 01#23$&4% % >"(3% (BC% c(K(ADB#03I% :[(RI% (2L% [dJCBOY% % T(XC% D)C(B% "1H% 3"C% 3"BCC% (BC% BC)(3CL% OC3%
L#EECBC23&%
*
*
*
:+'*9;&::*39-*+0,<*
%
%%%%%%=*
%
1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
8 < 16
FNOP*Q36
*
23. (6 polnLs.) Suppose LhaL Lhere are 8 days ln a monLh and LhaL you are glven 1 pennles on Lhe flrsL
day of LhaL monLh, 21 addlLlonal pennles on Lhe second day of LhaL monLh, 41 addlLlonal pennles
on Lhe Lhlrd day of LhaL monLh, and so forLh, wlLh Lhe dally number of pennles doubllng each day
up Lhrough Lhe lasL day of LhaL monLh.

now conslder Lhe P1ML form below.

<form action="pennies.php" method="get">
Days in month: <input name="d" type="text">
<br>
Pennies on first day: <input name="p" type="text">
<br>
<input type="submit" value="Calculate Total">
</form>
*
CompleLe Lhe lmplemenLaLlon of pennies.php below ln such a way LhaL Lhe page calculaLes and
dlsplays Lhe LoLal amounL LhaL you wlll recelve over Lhe course of a monLh, expressed noL as
pennles buL as dollars and cenLs (!"#", $21474836.47). know LhaL P comes wlLh funcLlons
called printf and pow LhaL behave [usL llke Lhelr C couslns, buL you're welcome Lo solve Lhls
problem wlLhouL uslng elLher. ?ou may assume LhaL Lhe user wlll submlL an lnLeger beLween 28
and 31, lncluslve, for d and a poslLlve lnLeger for p. ?ou needn'L worry abouL overflow. 1ake care
Lo close any Lags.

<!DOCTYPE html>

<html>
<head>
<title>pennies</title>
</head>
<body>
<?

*
:+'*9;&::*39-*+0,<*

=*

1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
9 < 16
R&LD)*8D'-6**IS*L+D0;9*-&?E6K*

24. WhaL's ocLal noLaLlon?





23. WhaL's an assoclaLlve array?





26. lf boLh foo.com and bar.com are hosLed on Lhe same server and resolve vla unS Lo Lhe same l
address, how does LhaL server dlsLlngulsh requesLs for Lhe former from requesLs for Lhe laLLer?





27. WhaL's an anonymous funcLlon?





!+5L&'-*&0)*!+0;'&9;6*
*
Conslder Lhe Lwo llnes of code below.

// first line
$s = htmlspecialchars($_POST["s"]);

// second line
$s = mysql_real_escape_string($_POST["s"]);

28. (2 polnLs.) Compare Lhe Lwo llnes of code: how are Lhey slmllar?




29. (2 polnLs.) ConLrasL Lhe Lwo llnes of code: how are Lhey dlfferenL?
:+'*9;&::*39-*+0,<*

=*

1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
10 < 16
!"#$*T3-3-6

Conslder Lhe MySCL Lable called questions below, used Lo keep Lrack of quesLlons aL Cfflce Pours.



Suppose LhaL each Llme a quesLlon ls asked by a sLudenL aL offlce hours, lL's lnserLed as a row ln Lhls
Lable, along wlLh an auLolncremenLed lu, Lhe quesLlon's caLegory, Lhe sLudenL's username, and Lhe day
and Llme aL whlch Lhe quesLlon was asked. Cnce Lhe sLudenL ls palred wlLh a sLaff member, LhaL same
row ls updaLed wlLh Lhe sLaff member's username.

30. (3 polnLs.) Whlch of Lhls Lable's flelds should be declared, lf any, as a prlmary key? WhaL would
be Lhe advanLage, lf any, of declarlng lL as such?






31. (2 polnLs.) WlLh whaL SCL query could you reLrleve all rows for quesLlons asked on
Palloween Lhls year (2011-10-31)?
*
*
*
*
*
*

32. (2 polnLs.) Suppose LhaL 1ommy wlshes Lo Lake credlL for all quesLlons ever answered by MaLL.
WlLh whaL SCL query could 1ommy replace all lnsLances of MaLL's username (chartier) ln Lhls
Lable wlLh hls (tmacwill)?


*
:+'*9;&::*39-*+0,<*

=*

1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
11 < 16
7E-:&?-M++@6*

33. (1 polnL.) Conslder Lhe P11 requesL below.

GET /home.php HTTP/1.1
Host: facebook.com
User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Connection: keep-alive

WhaL u8L do Lhese headers suggesL a user vlslLed?





34. (2 polnLs.) Conslder Lhe P11 response below.

HTTP/1.1 301 Moved Permanently
Location: http://www.facebook.com/
Content-Type: text/html; charset=utf-8
Date: Wed, 16 Nov 2011 13:10:00 EST
Content-Length: 0

WhaL effecL do Lhese headers have on a user's browser?


*
*
*
33. (2 polnLs.) Conslder Lhe P11 sLaLus code below.

403 Forbidden

Why mlghL a server respond Lo an P11 requesL wlLh Lhls sLaLus code?
*
*
*
*
*
*
:+'*9;&::*39-*+0,<*

=*

1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
12 < 16
%&'(&')!+3'9-96*

Suppose LhaL courses.cs50.net responds Lo an P11 requesL wlLh Lhe headers below.

HTTP/1.1 200 OK
Date: Wed, 16 Nov 2011 13:10:00 EST
Server: Apache
Set-Cookie: PHPSESSID=kh2mpljcarebrrpc1amdths063; path=/
Content-Type: text/html; charset=UTF-8

36. (2 polnLs.) WhaL does lL mean for a server Lo seL a cookle, as vla Lhe headers above?






37. (3 polnLs.) Lxplaln ln no more Lhan one paragraph Lhe relaLlonshlp beLween PHPSESSID and
P's $_SESSION.








%
%
U&9+0*V0?+)-6

38. (2 polnLs.) Conslder Lhe P code below.

<?
$tf = array();
$tf["name"] = "Jason";
$tf["house"] = "Kirkland";
print(json_encode($tf));
?>

LxacLly whaL wlll Lhls code ouLpuL? ?ou needn'L preLLy-prlnL your answer.*
%
:+'*9;&::*39-*+0,<*

=*

1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
13 < 16
"@-;?E<*W-M*B&.-6

Conslder Lhe P1ML below.

<!DOCTYPE html>

<html>
<head>
<title>Google</title>
</head>
<body>
<form action="/search" method="get">
<input name="q" type="text">
<input type="submit" value="Google Search">
</form>
</body>
</html>

39. (2 polnLs.) lf Lhls P1ML llves aL http://www.google.com/ and a user lnpuLs ?&;-LD,,&' lnLo Lhe
form, aL whaL u8L wlll uavld Lhe user flnd hlmself upon submlLLlng Lhe form?




40. (2 polnLs.) CompleLe Lhe skeLch of Lhls P1ML's uCM below. ?ou may omlL elemenLs' aLLrlbuLes
alLogeLher.






*
:+'*9;&::*39-*+0,<*

=*

1hls ls !"#$.
%&'(&')*!+,,-.-*lall 2011*
14 < 16
>,5+9;*;E-*V0)6*

41. (6 polnLs.) Conslder Lhe P1ML form below vla whlch users can subscrlbe Lo some webslLe's
malllng llsL.

<!DOCTYPE html>

<html>
<head>
<script>

function f()
{



















}

</script>
<title>subscribe</title>
</head>
<body>
<form action="subscribe.php" method="post" name="s" onsubmit="return f();">
Email Address: <input id="email" name="email" type="text">
<br>
Email Address (again): <input id="email2" name="email2" type="text">
<br>
<input type="submit" value="Subscribe">
</form>
</body>
</html>

CompleLe Lhe lmplemenLaLlon of f above ln such a way LhaL Lhls form wlll only be submlLLed Lo
subscribe.php lf Lhe user has lnpuLLed ldenLlcal values of non-zero lengLh for boLh email and
email2. ?ou needn'L check wheLher Lhose values are synLacLlcally valld emall addresses. ?ou
needn'L lnform Lhe user of any errors, as wlLh alert. Assume LhaL !avaScrlpL ls enabled ln all
users' browsers. ?ou may noL alLer Lhe P1ML glven or use [Cuery.

42. (0 polnLs.) WhaL's Lhe meanlng of llfe?
:+'*9;&::*39-*+0,<*

=*

!"#$%#$%!"#$&%
%&'(&')*!+,,-.-*'())%*+,,*
,U%-%,.%
7ED9*D9*!"#$*"?'&L*B&L-'6*
*
*
**
*
*