GO IT WORLD | IT TECH | IT NEWS » PHP World

PHP Code Security Part 6

jason — Wed, 09 Sep 2009 01:11:05 +0000

Magic Quotes:

What are Magic Quotes:

Magic Quotes is a process that automagically escapes incoming data to the PHP script. It’s preferred to code with magic quotes off and to instead escape the data at runtime, as needed.

Why did we use Magic Quotes:

There is no reason to use magic quotes because they are no longer a supported part of PHP. However, they did exist and did help a few beginners blissfully and unknowingly write better (more secure) code. But, when dealing with code that relies upon this behavior it’s better to update the code… Read the rest

PHP Code Security Part 5

jason — Tue, 01 Sep 2009 05:48:31 +0000

User Submitted Data

The greatest weakness in many PHP programs is not inherent in the language itself, but merely an issue of code not being written with security in mind. For this reason, you should always take the time to consider the implications of a given piece of code, to ascertain the possible damage if an unexpected variable is submitted to it.

Example 1 Dangerous Variable Usage

<?php // remove a file from the user's home directory... or maybe // somebody else's? unlink ($evil_var); // Write logging of their access... or maybe an /etc/passwd entry? … Read the rest



PHP Code Security Part 4
jason — Mon, 31 Aug 2009 07:46:00 +0000
Using Register Globals
Perhaps the most controversial change in PHP is when the default value for the PHP directive register_globals went from ON to OFF in PHP » 4.2.0. Reliance on this directive was quite common and many people didn’t even know it existed and assumed it’s just how PHP works. This page will explain how one can write insecure code with this directive but keep in mind that the directive itself isn’t insecure but rather it’s the misuse of it. 
When on, register_globals will inject your scripts with all sorts of variables, like request variables from HTML… Read the rest


PHP Code Security Part 3
jason — Fri, 28 Aug 2009 12:43:44 +0000
Error Reporting
With PHP security, there are two sides to error reporting. One is beneficial to increasing security, the other is detrimental. 
A standard attack tactic involves profiling a system by feeding it improper data, and checking for the kinds, and contexts, of the errors which are returned. This allows the system cracker to probe for information about the server, to determine possible weaknesses. For example, if an attacker had gleaned information about a page based on a prior form submission, they may attempt to override variables, or modify them: 
Example 1 Attacking Variables with a custom HTML… Read the rest


PHP Code Security Part 2
jason — Thu, 27 Aug 2009 10:28:28 +0000
SQL Injection    
Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. It means that SQL queries are able to circumvent access controls, thereby bypassing standard authentication and authorization checks, and sometimes SQL queries even may allow access to host operating system level commands. 
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, or to override valuable ones, or even to execute dangerous system level commands on the database host. This is accomplished by… Read the rest


PHP Code Security Part 1
jason — Wed, 26 Aug 2009 07:39:48 +0000
Filesystem Security:
PHP is subject to the security built into most server systems with respect to permissions on a file and directory basis. This allows you to control which files in the filesystem may be read. Care should be taken with any files which are world readable to ensure that they are safe for reading by all users who have access to that filesystem. 
Since PHP was designed to allow user level access to the filesystem, it’s entirely possible to write a PHP script that will allow you to read system files such as /etc/passwd, modify your ethernet connections,… Read the rest


session_start: Cannot send session cookie – headers already sent by
jason — Tue, 25 Aug 2009 09:18:51 +0000
my session test code:
<html>    
<head>     
<title>PHP SESSION TEST CODE</title>     
</head>     
<body>     
<?     
session_start();     
session_register("MVAR");     
$MVAR="hello world";     
echo "The content of sess variable is $MVAR";     
?>     
<a href="call_session.php">Next page</a>     
</body>     
</html>
Error Tips
Warning: session_start(): Cannot send session cookie – headers already sent by (output started at d:\www\session.php:7) in d:\www\session.php on line 8
Warning: session_start(): Cannot send session cache limiter – headers already sent (output started at d:\www\session.php:7) in d:\www\session.php on line 8    
The content of sess variable is hello worldNext page
Solution:
1.Modify your php.ini… Read the rest