An application contains an administrative page that is subject to rigorous access controls. It contains links to diagnostic functions located on a different web server. Access to these functions should also be restricted to administrators only. Without implementing a second authentication mechanism, which of the following client-side mechanisms (if any) could be used to safely control access to the diagnostic functionality? Do you need any more information to help choose a solution?
(a) The diagnostic functions could check the HTTP Referer header to confirm that the request originated on the main administrative page.
(b) The diagnostic functions could validate the supplied cookies to confirm that these contain a valid session token for the main application.
(c) The main application could set an authentication token in a hidden field that is included within the request. The diagnostic function could validate this to confirm that the user has a session on the main application.