| Date | November 2017 | Marks available | 2 | Reference code | 17N.2.SL.TZ0.8 |
| Level | SL | Paper | 2 | Time zone | no time zone |
| Command term | Outline | Question number | 8 | Adapted from | N/A |
Question
Open source code is made available by a community of developers and is frequently updated. The code can be downloaded for free, but users must register with the website and have their access authenticated.
Authentication is based on signing in to an established third-party company, for example a user’s existing email or a social network account. The third-party company then verifies the user, granting them access to the open source code website.
The URL of this website is www.OpenSourceDev.org. Any new pieces of code that the developers make available become new resources on the website. A script generates weekly automatic notifications of new code available on the site, and sends this notification to users as an email.
Evaluate the use of server-side scripting to provide the mechanism for registration.
Explain how the user’s privacy can be maintained whilst using this method of authentication.
Outline, with an example, how the URL for these new pieces of code will be generated.
Outline the steps that the script could perform for sending out these notifications.
A fragment of a script and a web form are provided below.
In the script some functions are not implemented, and only their specification is provided.
<?php
//include a database of urls
include('url_db.php');
$url = $short = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{ $url = $_POST['url'];
$short = make_short($url);
function make_short($u)
{ $x = make_alpha_string($u);
$y = first4_last4($x);
$z = limits($x);
$v = $y. ".".$z; //string concatenation
return $v;
}
function make_alpha_string($u)
{ // It removes, in this order: substrings corresponding to
// protocol names, the substring www, and all characters
// except for letters
}
function first4_last4($u)
{ // It returns the string made of the first 4 characters
// followed by the last 4 characters of $u
}
function limits($u)
{ // It returns the string made of the first character and
// last character of $u
}
mysql_query("
INSERT INTO url_db(orig_url, short_url, url_ip) VALUES
( '".$_POST['url']."',
'".$short."',
'".$_SERVER['REMOTE_ADDR']."'
)
");
}
?>
<form method="post" action="">
URL:
<input type="text" name="url" />
<br><br>
<input type="submit" name="Submit" value="Submit" />
</form>
Describe the processing that occurs when the form is filled with the URL https://www.the2nd.org/bin.php?id=70 that the server discovers is associated with the IP address 172.16.254.1.
Markscheme
Award up to [4].
Server-side scripting does not require the installation of extra resources on a computer, for example the latest plug-in to run the script;
The log-in process will generally be slower as a round trip has to be made;
However, for regular visitors of the site, it speeds up the login, as the server script might be linked to data storage and recognize their access for further reference;
The server script is independent from the version of the browsers that is used, the user just sees the HTML interface (this is the typical problem with client-side scripting);
A security breach on the server could lead to all log-ins being compromised;
However, server-side is more secure as client-side is more easily hacked into;
There can be occasional downgrade in performance if too many users are running simultaneously their scripts on the server;
However, for the nature of the files, this should not generate bottlenecks in the network (small files, not intensive streaming);
Award up to [4 max].
Your email address and associated password are private;
Both are needed to register with the initial website, but at most only the email address is stored there;
They are forwarded to the third-party website for identification;
The third-party identifies/confirms whether or not the person is who they say they are, based on their email/social network services that the third party provides;
This yes–no answer/confirmation provides the authentication for the open-source developers;
Award [1] for stating how the URL is generated, and [1] for giving an example, up to [2 max].
It is generated by taking the path of the website extended with the path for the code;
e.g. www.OpenSourceDev.org/newcode/json/fakecode007;
The script accesses the file of new URLs (in a file);
And adds the URLs to an email template;
Then accesses the file of email addresses of subscribers (and sends email);
Award marks as follows, up to [3 max]. (Note: there are [5] marking points)
Award [1] for the value passing from the form to php via POST.
Award [1] for the operation of the code to generate the short URL with final $v.
Award [1] for access to update database.
Award [1] for a new correct triple in database.
Award [1] for remote access operated by server through the database to retrieve the URL.
Note: Competent use of terminology is needed to award full marks. Generic answers that show general good understanding of the process, but lack use of competent language should not be awarded full marks.
Example
The value of the URL that is inputted (and submitted) via the form is stored in the variable URL which Interacts with the php code, because the method POST is specified in the form, therefore starting a communication process;
The process generates a different value for the name for the URL that is used to update a database of URLs together with the IP address;
The IP address is retrieved by the server through a remote call requested from the insertion in database;
The new value for the URL that is generated, given the one in input, isthenhpid.tdand is stored in$v;
(detail of intermediate operations:
$x = thendorgbinphpid
$y = thenhpid
$z = td
$v = thenhpid.td)
The new record inserted in the database url_db will be the following triple www.the2nd.org/bin.php?id=70, thenhpid.td, 172.16.254.1;
