Tutorials, Articles, SEO, CMS, MySQL - Unofficial 110MB Support Center
PHP and MySQL security
I am going to do a series of PHP & SQL security articles; these will cover a lot of different security measures for use within PHP and MySQL.

Web Security
Whether your site is a personal site, a gallery, or a large website, web security always matters, especially after the hard work you have put into creating your website, only for some hacker to ruin it because you haven't put the proper security measures in place.

There are a large number of problems to look for, and unfortunately not all of them have a defined solution, but we can look at most of them and at a solution for each.

SQL Injection
This is one of the most widely used hacking techniques against websites. The attack uses a form whose submitted data ends up in a database query: the attacker adds some sort of SQL command to the form input so that the query does something else.

These can be really lethal to your site, as an attacker could even manage to delete an entire table. An example of this would be data entered into a text field like so: x'; DROP TABLE members;. In the query, this would act out as below.


Code:
SELECT * FROM members WHERE username = 'x'; DROP TABLE members;

I have underlined the part of the code where the data from the form would go. This, of course, makes a command to select from the members table; the attacker then ends this command and starts a completely new one to drop the table. Thus all members are deleted.
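The usual fix for the query above is a prepared statement, shown here as an added example that is not part of the original article. It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the table rows and the function names are constructed for illustration.

```php
<?php
// Added example, not from the original article. Constructed data; an in-memory
// SQLite database stands in for MySQL (assumption) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO members (username) VALUES ('alice'), ('bob')");

// Vulnerable pattern: the form value becomes part of the SQL text itself.
function buildUnsafeQuery(string $username): string
{
    return "SELECT * FROM members WHERE username = '" . $username . "'";
}

// Hardened pattern: the SQL text is fixed and the value is bound as data.
function findMember(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM members WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function memberCount(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM members')->fetchColumn();
}

$formValue = "x'; DROP TABLE members;"; // the input quoted in the article

// The concatenated string now holds two statements (printed, never executed).
echo "Unsafe SQL text: ", buildUnsafeQuery($formValue), PHP_EOL;

// Bound as a parameter, the same input is just an odd username with no match.
echo "Rows for form value: ", count(findMember($db, $formValue)), PHP_EOL;
echo "Rows for 'alice':    ", count(findMember($db, 'alice')), PHP_EOL;
echo "Members still stored: ", memberCount($db), PHP_EOL;
```

With the PDO MySQL driver the same prepare() and execute() calls apply; only the connection string changes.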

Directory Traversal
This attack can occur anywhere user-supplied data (from a form field or uploaded filename, for example) is used in a filesystem operation. If a user specifies “../../../../../../etc/passwd” as form data, and your script appends that to a directory name to obtain user-specific files, this string could lead to the inclusion of the password file contents, instead of the intended file. More severe cases involve file operations such as moving and deleting, which allow an attacker to make arbitrary changes to your file system structure.
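One way to keep a user-supplied name inside the intended directory, as an added example that is not part of the original article. The helper name resolveUserFile(), the temporary directory and the file names are assumptions made for illustration.

```php
<?php
// Added example, not from the original article. Directory and file names are
// constructed; resolveUserFile() is a hypothetical helper.
function resolveUserFile(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // base directory missing
    }
    // realpath() collapses "../" and symlinks; false means no such file.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Accept only paths that still start with "<base>/" after resolution.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sandbox: one user directory holding one file.
$userDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'userfiles_' . uniqid();
mkdir($userDir);
file_put_contents($userDir . DIRECTORY_SEPARATOR . 'notes.txt', "hello\n");

$requests = [
    'notes.txt',                       // legitimate request
    '../../../../../../etc/passwd',    // the form value from the article
    'missing.txt',                     // no such file
];
foreach ($requests as $name) {
    $resolved = resolveUserFile($userDir, $name);
    echo str_pad($name, 32), ' => ', $resolved ?? 'REJECTED', PHP_EOL;
}

unlink($userDir . DIRECTORY_SEPARATOR . 'notes.txt');
rmdir($userDir);
```

The check runs on the resolved path, not on the raw string, so it does not depend on spotting "../" in the input.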

Authentication Issues
Authentication issues involve users gaining access to something they shouldn't, but to which other users should. An example would be a user who was able to steal (or construct) a cookie allowing them to log in to your site under an Administrator session, and therefore be able to change anything they liked.

User data in form fields
When a user enters information into a form which is to be later processed on your site, they have the power to enter anything they want. Code which processes form input should be carefully written to ensure that the input is as requested: password fields have the required level of complexity; e-mail fields have at least some characters, an @ sign, some more characters, a period, and two or more characters at the end; zip or postal codes are of the required format; and so on.

Each of these may be verified using regular expressions, which scan the input for certain patterns. An example for e-mail address verification is the PHP code shown below. This evaluates to true if an e-mail address was entered in the field named 'email'.


Code:
// Returns 1 if the 'email' field looks like an address, 0 otherwise.
preg_match('/^.+@.+\..{2,3}$/', $_POST['email']);
 

You may be wondering how this information is relevant to security. Take a guest book or something similar, for example: users can enter anything they want into the form fields and it will be processed and shown on the guest book page, but what if they enter HTML?

Of course, HTML can be harmless on a guest book, for example, if the user enters the following.


Code:
 
<b>Hello</b>, How are you?

This, of course, will show up as "Hello, How are you?", and yes, it is harmless. But consider someone else who wants to do something more devastating, and puts the following into the form field.


Code:
 
Hey, great site!
<script language="JavaScript">document.location="http://www.dot-silver.co.uk/";</script>

The JavaScript will automatically redirect everyone who visits that page to a location the user has entered, for example their own site. Sure, it's harmless, but it stops guests from visiting your own page, which is called a denial of service attack.

Fortunately, PHP has ways of preventing this kind of attack, using the following functions.

strip_tags() - This removes all PHP and HTML tags from a string, thus preventing HTML from being shown.

nl2br() - Converts new line characters into <br /> HTML tags. This is only shown because it will be needed when using strip_tags(): since <br /> will be stripped, new lines must be put back in using this function.

htmlspecialchars() - This will entity-quote characters such as <, > and & remaining in the input after strip_tags() has run. This prevents them being misinterpreted as HTML and makes sure they are displayed properly in any output.
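The three functions above, chained in the order the descriptions imply, as an added example that is not part of the original article. renderGuestbookEntry() is a hypothetical helper, and the sample entries are constructed from the guest book inputs shown earlier.

```php
<?php
// Added example, not from the original article. renderGuestbookEntry() is a
// hypothetical helper; the sample entries are constructed from the article's.
function renderGuestbookEntry(string $raw): string
{
    $text = strip_tags($raw);                              // remove tags
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');  // escape what is left
    return nl2br($text);                                   // last: add <br />
}

$entries = [
    "<b>Hello</b>, How are you?",
    "Hey, great site!\n<script language=\"JavaScript\">document.location\n"
        . "=\"http://www.dot-silver.co.uk/\";</script>",
    "Tom & Jerry said \"hi\"",
];

foreach ($entries as $raw) {
    echo renderGuestbookEntry($raw), PHP_EOL, '---', PHP_EOL;
}

// Wrong order, for comparison: escaping after nl2br() turns the <br /> tags
// themselves into visible text instead of line breaks.
echo htmlspecialchars(nl2br("line one\nline two"), ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

strip_tags() removes the script tags but keeps the text between them, so the second entry is rendered as inert plain text and does not disappear.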

Written by ITmaster @ 110mb.com Support Forum

Posted by Diemux on March 08 2008 00:05:02