Monday, 2 July 2012

Feedback from the first question....

In a previous blog post, I wrote about the pntstr's bot that asks a question every week.

Last Wednesday, I sent the first question and aside from a small programming mistakes from me, everyone got the right answer.

First my mistake, I wrote a working version of the question page, then I started working on test cases. And by adding tests, I changed something and broke the application (my test case was sending an array instead of a string). When I tried it before sending the question I only tried one case (incorrect answer) and didn't check the "correct answer" case. Anyway... it's fixed now.

For the question... I'm still undecided on whether or not I should keep it. Even if I strongly think that pntstr's followers are way better than the average interviewee, a 100% success rate is really high... Maybe adding a success rate for each question in the "interview builder" will be good... Or maybe just some rewording?

The question was:

A webmaster wants to avoid paying for a SSL certificate. He wants to use JavaScript to encrypt the credentials before sending them to the server. Is it a safe solution?

And the expected answer was No. And this is why (information sent after you answered):

Even if JavaScript will ensure encryption of the credentials, users can't be sure that they are talking to the legitimate server, and anyone doing a man-in-the-middle attack can modify the page served to remove the encryption mechanism.

I will send the next question later during the week ;) In the meantime, you can start following pntstr if you want to get it :)

No comments: