Welcome to Pass4Success

Salesforce Exam CRT-450 Topic 7 Question 47 Discussion

Actual exam question for Salesforce's CRT-450 exam
Question #: 47
Topic #: 7

Which code in a Visualforce page and/or controller might present a security vulnerability?

Suggested Answer: B

Contribute your Thoughts:

Gladys
5 months ago
I'm with Oliva on this one, C or D seem like the way to go. Gotta protect that data, you know?
upvoted 0 times
...
Izetta
5 months ago
Haha, B is like waving a big 'hack me' sign. Might as well just hand over the keys to your system!
upvoted 0 times
...
Desiree
6 months ago
Agreed. We should always sanitize and validate user input to prevent security risks.
upvoted 0 times
...
Keneth
6 months ago
Definitely B, that unescaped user input is just asking for trouble. Gotta be careful with that kind of thing.
upvoted 0 times
Nu
4 months ago
B) Yeah, escaping user input is crucial to prevent vulnerabilities.
upvoted 0 times
...
Felton
5 months ago
A) A seems risky too, always validate user input!
upvoted 0 times
...
...
Iluminada
6 months ago
I think options A and B are both potential vulnerabilities. We need to be careful with how we handle user input in Visualforce pages.
upvoted 0 times
...
Devon
6 months ago
I see your point, Candidate 3. Option B could also be a problem if it's not handling user input securely.
upvoted 0 times
...
Buck
6 months ago
But what about option B? It's using escape='false', could that be a vulnerability too?
upvoted 0 times
...
Desiree
6 months ago
I agree, option A looks risky. It's not filtering out any potentially harmful scripts.
upvoted 0 times
...
Oliva
6 months ago
Option B looks risky, using escape='false' can open up the page to XSS attacks. I'd go with C or D to be on the safe side.
upvoted 0 times
Elinore
5 months ago
I agree, C and D seem like safer options to prevent security vulnerabilities.
upvoted 0 times
...
Leonora
6 months ago
Option B looks risky, using escape='false' can open up the page to XSS attacks. I'd go with C or D to be on the safe side.
upvoted 0 times
...
Latosha
6 months ago
I agree, I would go with C or D to be on the safe side.
upvoted 0 times
...
Lilli
6 months ago
Option B looks risky, using escape='false' can open up the page to XSS attacks.
upvoted 0 times
...
...
Iluminada
7 months ago
I think option A might present a security vulnerability because it's not properly escaping user input.
upvoted 0 times
...
Nida
7 months ago
Option B allows user input to be rendered as HTML, opening up possibilities for cross-site scripting attacks.
upvoted 0 times
...
Jennifer
7 months ago
I'm not sure about option B. Can someone explain why it might be vulnerable?
upvoted 0 times
...
Amie
7 months ago
I agree with Rosalind. Passing user input directly into the controller without proper validation can be dangerous.
upvoted 0 times
...
Rosalind
7 months ago
I think option A might present a security vulnerability.
upvoted 0 times
...
