    15 Apr 2008
security issues with php websites  
kumar rakesh
security issues with php websites

I'm a PHP developer and I am hearing so much about security issues in PHP websites.

Everyone who codes in other general languages like Java and .NET raises questions about the security issues in PHP. They feel PHP is less secure than those languages.

Even after a long study and searching around on Google, I found no security issues in PHP (the language). All the issues I found were only due to negligence of a developer. I nowhere found that PHP is less secure than other languages.

Here I'm giving a brief description of security concerns while coding a website in PHP.

1. SQL injection

SQL injection is a very common problem in all websites. The main reason for SQL injection is not validating user inputs before storing them in the database. You should always validate user inputs before putting them in queries. If you expect data to be an integer, then validate it as an integer. PHP provides functions to make user inputs SQL-injection proof (to some level): addslashes() and mysql_escape_string(). These functions can be used to increase security against SQL injection.

Another database security issue is keeping database passwords safe. Do not put these passwords in an .inc file; always put them in PHP files, so they will not be directly visible. Put password files outside the web document directory, so they become unreachable by general browsing. It would be even better if you create two database users: one root with all privileges and another general user with view permissions only, so in case of password disclosure or an SQL injection attack the data in the database will not be harmed, only viewed.

2. Directory traversal

A directory traversal attack can only occur if you are taking a file path from users as input and displaying the file directly from that path. A curious user can input a file path like "../../etc/password/" and reach any file. It can be secured by validating file names with the functions realpath() and basename(). These functions will remove "../" from the input and also remove directory names and return file names. So now the input will be secure. More on all these functions can be found in the PHP manual.

Properly setting file permissions and giving minimum permissions to files can also stop directory traversal attacks.

3. Authentication issues

HTTP is a stateless protocol; it does not remember what was there before this page. So, to maintain the state of a website, everyone uses cookies or sessions or both. In the case of cookies all the data is stored on the client machine, while in the case of sessions, PHP can save the session ID in a cookie and that ID will be sent to the server with each request. If somehow the session ID can be guessed, then anybody can gain more privileged access and harm a website.

If we put the request IP address in the session for each session ID, then we can find out whether the request for a particular session ID is coming from the same IP address or it has changed. In case of a change, we can say that the session ID has been hacked. But this method will not work where many users share the same IP address, like on an intranet accessing the internet through a proxy server.

PHP saves session data in a tmp folder that is accessible by many users (in the case of shared hosting), so anyone can read session data from these files. PHP provides configuration to change the path where sessions will be saved. The best way to secure sessions is to store them in a database. How? You can find it in the PHP manual.

4. Cross Site Scripting (XSS)

XSS is putting other websites' content in your website without your permission. Suppose you are storing comments from users and displaying those comments on the website. Now, if some comment contains an iframe, then it can display the content of any website in that frame. But that's OK; it is not so harmful. What if anybody puts JavaScript code somewhere in user inputs? That code can send any secret of any user to some malicious site or can harm in any way. But PHP provides ways to protect from these attacks. You can use

htmlentities(), htmlspecialchars()

These functions will convert all HTML entered into a non-executable format. More can be found in the PHP manual.

5. File uploads

File uploads in PHP can be made secure by carefully planning the code.

PHP uploads files to a temporary location before moving them to the destination, and this temporary location is within reach of everyone. So this is the devil's place. Any malicious user can change that temp file to make it harmful when moved to the destination.

But if you use move_uploaded_file() instead of copy, then you can save yourself from this attack.

Secondly, anyone can upload a file like .bashfile. This file is always run by Linux. This can be prevented by always changing file names to your own generated file names.

Other issues are with

register_globals and safe_mode

but these can be properly managed from PHP.

I found only these security issues in PHP, along with how to cure them.

Does anybody know any other security issues in PHP websites?
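Added example (not code from the original post): hardened PHP versions of the four checks the post describes. It goes beyond the post in one place, using a PDO prepared statement instead of the addslashes()/mysql_escape_string() escaping the post names; the base directory, the `users` table, the `$pdo` connection and the upload directory are assumptions.

```php
<?php
// Added example, not from the original post. Directory names, the
// "users" table and the $pdo connection are assumptions.

// 1. Directory traversal: serve only files that resolve inside $base.
function safe_file_path(string $base, string $userInput): ?string {
    // basename() drops every directory component, including "../" sequences
    $candidate = $base . DIRECTORY_SEPARATOR . basename($userInput);
    $real = realpath($candidate);            // false if the file does not exist
    $baseReal = realpath($base);
    if ($real === false || $baseReal === false) {
        return null;
    }
    // Belt and braces: the resolved path must still start with the base dir
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// 2. SQL injection: validate the type, then bind the value in a prepared
//    statement so it is never concatenated into the query text.
function find_user(PDO $pdo, string $id): ?array {
    if (!ctype_digit($id)) {                 // an integer was expected
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. XSS: encode user-supplied text at output time, quotes included.
function render_comment(string $comment): string {
    return '<p>' . htmlspecialchars($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// 4. File upload: move out of the temp dir with move_uploaded_file() and
//    discard the client-supplied name in favour of a server-generated one.
function store_upload(array $file, string $uploadDir): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.bin';   // never the uploaded name
    $dest = $uploadDir . DIRECTORY_SEPARATOR . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}
```

Calling `safe_file_path('/var/www/files', '../../etc/passwd')` yields `null` unless a file literally named `passwd` exists under the base directory, which is the behaviour the post's realpath()/basename() advice is aiming for.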
