Asking the right technical questions on a phone interview to size up a potential hire is always a challenge. You don’t want the applicant defeating you with Google or having to try to code something for you over the phone. Below I compiled some of my personal favorite questions or ideas to ask. The answers might be completely different for your environment. This list is just a quick start; let me know if you have anything good to add.

1. You inherit a database and application that controls permissions. What do you identify as the problems and in what order do you fix them:
Username, Password
Jim, taco
Bob, nachos
Pseudo Code: (in the application, the code executes)

$connection=mysql_connect('localhost', 'dbusername', 'dbpasswrd');
if($username!='' && $password!='')
$row=mysql_fetch_array(mysql_query("select * from users where username='$username' and password='$password'"));
//Yeah they are logged in
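
A hardened counterpart to the pseudo code in question 1, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database standing in for the MySQL server so it runs offline; the function names `migrate_plaintext` and `login` are hypothetical.

```php
<?php
// Added example, not the original application's code.
// Assumption: SQLite in memory stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample rows: the inherited plaintext table from the question.
$ins = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
foreach ([['Jim', 'taco'], ['Bob', 'nachos']] as $r) {
    $ins->execute($r);
}

// One-time migration: replace each stored plaintext value with a salted hash.
function migrate_plaintext(PDO $pdo): int {
    $upd = $pdo->prepare('UPDATE users SET password = ? WHERE username = ?');
    $rows = $pdo->query('SELECT username, password FROM users')->fetchAll(PDO::FETCH_ASSOC);
    $n = 0;
    foreach ($rows as $u) {
        // password_get_info() reports an empty algo for strings that are
        // not password_hash() output, so already-hashed rows are skipped.
        if (empty(password_get_info($u['password'])['algo'])) {
            $upd->execute([password_hash($u['password'], PASSWORD_DEFAULT), $u['username']]);
            $n++;
        }
    }
    return $n;
}

// Login check: the username is a bound parameter instead of interpolated
// SQL, and the fetched row is inspected before the user counts as logged in.
function login(PDO $pdo, string $username, string $password): bool {
    if ($username === '' || $password === '') {
        return false;
    }
    $st = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $st->execute([$username]);
    $hash = $st->fetchColumn();   // false when no such user exists
    return $hash !== false && password_verify($password, $hash);
}

echo migrate_plaintext($pdo), " rows migrated\n";
var_dump(login($pdo, 'Jim', 'taco'));      // stored user, matching password
var_dump(login($pdo, 'Jim', 'nachos'));    // stored user, another user's password
var_dump(login($pdo, "O'Brien", 'taco'));  // quote in the name is treated as data
```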

2. What is the difference between ‘GET’ and ‘POST’ and when is it appropriate to use each?

3. Explain the relationship between APC, Memcache and Memcached.

4. How do you like to harden your favorite distro? (What packages, rules, config changes?)

5. Explain security through obscurity. Give an example of where you have seen people try to implement this.

6. Explain the differences between include, include_once, require, and require_once.

7. How do you encrypt passwords?

8. OAuth is used by many web services; give a high-level overview of how it works. Explain what an HMAC is used for.

9. With a default PHP installation, what steps are required to upload a 10 MB file via a form?

10. Setting web permissions on a LAMP server – I have two users who I would like to access a shared web directory, how would you set that up?
