Oauth-2 and OpenId Connect

OAuth 2.0 is a authorization framework where a user of a service can allow a third-party application to access his/her data hosted in the service without revealing his/her credentials (ID & password) to the application. OAuth 2.0 is a set of defined process flows for “delegated authorization”.

OpenID Connect is a framework on top of OAuth 2.0 where a third-party application can obtain a user’s identity information which is managed by a service.  OpenID Connect  standardizes the flow for person authentication using OAuth2. OpenId Connect is a set of defined process flows for “federated authentication”.

OAuth 2.0 Terminology:

Resource Owner:


Resource Server:

Authorization Server:



Find if an integer is a prime number

The algorithm can be improved further by observing that all primes are of the form 6k ± 1, with the exception of 2 and 3. This is because all integers can be expressed as (6k + i) for some integer k and for i = ?1, 0, 1, 2, 3, or 4; 2 divides (6k + 0), (6k + 2), (6k + 4); and 3 divides (6k + 3). So a more efficient method is to test if n is divisible by 2 or 3, then to check through all the numbers of form 6k ± 1.

function isPrime($n)
    // Corner cases
    if ($n <= 1)  return false;
    if ($n <= 3)  return true;

    // This is checked so that we can skip
    // middle five numbers in below loop
    if ($n % 2 == 0 || $n % 3 == 0) return false;

    for ($i=5; $i*$i<=$n; $i=$i+6) {
        if ($n % $i == 0 || $n % ($i+2) == 0)
           return false;

    return true;

Trulia Phone Interview


1) Difference between interface and abstract class. Write code to show example of each. Can a class derive from abstract class and implement an interface as well? (Yes)

2) Write a function to test a palindrome.

Javascript :
1) What is the difference between
x = 1;
var x = 1;
window.x = 1;

2) Write a function to add an array of numbers using the arguments variable

var data = [1,2,3,4];

function sum() {
   var myData = arguments[0];
   return myData.reduce(function (acc, num) { acc += num; return acc});

3) write a function to implement mult(4)(5)

function mult(x) {
   return function(y) {
       return x*y;

var ans = mult(4)(5);

4) Write a function to output alert(1), alert(2) every 1 second till 5 times
Similar to question asked in Ten-X interview.

5) write a function to put spaces in a string “Hello World” ==> “H e l l o W o r l d”.

var spacify = function (str) {
    return str.split('').join(' ');


Is it possible to write a function spacify like “hello world”.spacify()

String.prototype.spacify = String.prototype.spacify || function() {
  return this.split('').join(' ');


Memcached vs APC vs Varnish

Alternative PHP Cache (APC)
APC provides two caching mechanisms.

APC caches the opcode generated during the PHP execution cycle and then later will be able to avoid loading and parsing PHP files repeatedly.
APC also provides a key-value, object cache for PHP applications in shared memory.

Memcached is a distributed, key-value, object cache in memory. This is similar to the object cache provided by APC but there are some important differences. It’s in-memory, while APC’s object cache is in shared memory. This will make Memcached faster, but will also require the memory allocation for it’s storage. The other major difference is that Memcached is distributed. This means that it runs across multiple servers. For example, if you’re load-balancing your application. Generally, the need for a distributed object cache is why you would use Memcached.

Varnish is a caching HTTP reverse proxy. The reverse proxy part means that it sits between your application and the outside world. Visiting your domain will actually connect to Varnish. Varnish will then make the corresponding request to your application and then deliver it to the client. It will cache the results of these requests based on a configuration file you can write in the Varnish Configuration Language.

Varnish is neither an opcode cache like APC’s opcode cache component, nor an object cache like those in APC or Memcached. Varnish operates outside of your application and caches the entire HTTP response such as the whole HTML document returned by your application.

Varnish is extremely effective because it will cache the final resulting HTML document after all PHP or other server side processing is done. This means that when varnish delivers a page from cache, it avoids running the PHP code at all and consequently any database queries involved in generating the document. Delivering a cached page from Varnish is like delivering a static HTML file.


What is Clickjacking?

A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attackers load another page over it in a transparent layer. The users think that they are clicking visible buttons, while they are actually performing actions on the hidden/invisible page. The hidden page may be an authentic page; therefore, the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.


What information does the apache access log contain? - - [05/Feb/2012:17:11:55 +0000] "GET / HTTP/1.1" 200 140 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.5 Safari/535.19"

%h is the remote host (ie the client IP)
%l is the identity of the user determined by identd (not usually used since not reliable)
%u is the user name determined by HTTP authentication
%t is the time the request was received.
%r is the request line from the client. (“GET / HTTP/1.0”)
%>s is the status code sent from the server to the client (200, 404 etc.)
%b is the size of the response to the client (in bytes)
Referer is the Referer header of the HTTP request (containing the URL of the page from which this request was initiated) if any is present, and “-” otherwise.
User-agent is the browser identification string.