(b) You have been hired by AcmeWidget Ltd to secure the web interface to a legacy system, backed by a database management system using SQL. This system is complex, its source code has been lost, and you have been unable to nd a precise denition of allowable input values. You have been asked to write input validation procedures, that will identify values which are suspected to be malicious, and ag them for later manual inspection. For each of these input elds, explain one validation procedure you could perform, and justify why it is appropriate: i. the name of a le in a particular directory on the server; [7 marks] ii. a parameter that you believe will be used in an SQL statement [7 marks] iii. a string that will be loaded into memory and parsed as English text [7 marks] (c) For one of the validation procedures you gave above, discuss how a sophisticated attacker could circumvent detection. [9 marks]