Suppose that John writes the following php script to access his database. He is worried that the script can be read by an adversary and

Suppose that John writes the following php script to access his database.

$username = userdb_5648;

$password = 7F519X-X_;

$hostname = localhost;

$dbh = mysql_connet($hostname, $username, $password)

if ($dbh){

print Connected to MySQL ;

}

...

?>

He is worried that the script can be read by an adversary and he wants to protect the login information. Given that this script is only accessed by an administrator, John decides to write code that places a magic value within the cookie of the administrator and then somehow use this value to hide all critical information in the above PHP script (specifically the raw value of $username and $password). Note that the magic value can be accessed from within the script in the following way:

_COOKIE[mymagic]

a) Write a modified PHP script that achieves Johns objective. Explain what the magic value will be.

b) What is the main defect of Johns approach?

c) What would be a better way to achieve Johns objective?

PLEASE ANSWER ALL PARTS OF THE QUESTION AND SHOW WORK.