TalkPHP
10-18-2007, 03:23 PM, #21
sketchMedia (The Prestige) | Join Date: Oct 2007 | Location: Manchester, UK | Posts: 836
Good article, made for interesting reading.

A generic rule to apply (the very basic attack prevention) is "filter input, escape output": just be paranoid about everything that is inputted into your system, and start now if you don't, so you don't have to learn the hard way :(

There is also another quite common session security issue with PHP, if your site is on a shared host, i.e. it's not on its own dedicated server.

A good article explaining what it is and how to prevent it: http://phpsec.org/projects/guide/5.html

There are some other interesting security articles on that site too

peace out
11-23-2007, 08:16 PM, #22
ReSpawN (The Frequenter) | Join Date: Nov 2007 | Location: Netherlands | Posts: 460

Very awesome article. I've read it completely and I must say, bravo.

My system is protected against querystring attacks. Every command MySQL uses, every designated die or exit function is blocked, and I left nothing to coincidence there.

Referring back to the mysql_real_escape_string and the sprintf command: I still don't quite understand those. What's up with them? Are they handy to use, easy to filter out, and do they provide safe security and an easy handle?

Next to that, my cookies are stored ... well, of course on a user's PC, but stored quite safely.

I used part of a method Mr. Buddha 'invented'. So to speak, anyways. I retrieve the ID from the user, the username, the sha1 (4x) md5 (4x) password, the IP, the browser (incl. language) and the time. Next, I am pushing it all into a once again formatted sha1 (4x) md5 (4x) string, which I call the cookie's validation key. For short, unforgeable as far as I know it, since you cannot copy the login SECOND, IP, language, browser, username and 8 times encrypted password. Next, I push it, when successfully logged in, into the users database, where it's stored as user_validationkey. That is the key which will be refreshed every time. The NEXT thing I do is of course update the user records and give the cookie an ID of its own. It's almost logical that the $_SESSION[ID] and user_id still store the user's ID, but sessions don't last as long as 30-day cookies, or more.

Well, I am quite amazed by the topic, but as you can see, and if I am correct, my system is at least a little bit foolproof. Though I bet some of you handy people could still get in.

What do you guys think?
11-23-2007, 10:17 PM, #23
Tanax (The Prestige) | Join Date: Sep 2007 | Location: Sweden, Stockholm | Posts: 1,053

FILTER is a thing I've never heard of before, but it's quite handy for forms.

This is a bit long, but you'll get the point:
php Code:
<?php
// One entry per form field: a filter plus the FILTER_NULL_ON_FAILURE flag.
// FILTER_SANITIZE_STRING strips tags from free text (deprecated as of PHP 8.1);
// FILTER_VALIDATE_EMAIL and FILTER_VALIDATE_INT reject malformed values outright.
$arguments = array(
    'user_name'      => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_NULL_ON_FAILURE),
    'user_pass'      => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_NULL_ON_FAILURE),
    'user_pass_re'   => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_NULL_ON_FAILURE),
    'user_email'     => array('filter' => FILTER_VALIDATE_EMAIL,  'flags' => FILTER_NULL_ON_FAILURE),
    'user_firstname' => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_NULL_ON_FAILURE),
    'user_surname'   => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_NULL_ON_FAILURE),
    'user_age'       => array('filter' => FILTER_VALIDATE_INT,    'flags' => FILTER_NULL_ON_FAILURE),
    'user_country'   => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_NULL_ON_FAILURE),
    'user_location'  => array('filter' => FILTER_SANITIZE_STRING, 'flags' => FILTER_NULL_ON_FAILURE),
);

// Apply the whole definition to the POST data in a single call.
$data = filter_input_array(INPUT_POST, $arguments);

This would be pretty safe (notice that this is not completely safe, but it's still a good way to start, or to add to, your security).

The FILTER_NULL_ON_FAILURE works like it returns NULL if the field isn't filled. And it returns FALSE when the FILTER fails.

And also, how to then get to your cleaned data would be like this (pretty obvious, but meh.. :P):
php Code:
$data['user_name'], $data['user_pass'], $data['user_email'], $data['user_firstname'], $data['user_surname'], $data['user_country'], $data['user_location'], $data['user_age']
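Putting sketchMedia's "filter input, escape output" rule together with Tanax's definition array, as an added example that is not code from either post (the use of filter_var_array instead of filter_input_array, the min_range/max_range options, the function names and the sample submission are all my choices, and the submission is constructed):

```php
<?php
// Added example, not code from the thread. filter_var_array() is used on a constructed
// array so it runs offline; filter_input_array(INPUT_POST, ...) takes the same definition.
// FILTER_NULL_ON_FAILURE is deliberately omitted: without it an element is null when the
// field was not submitted and false when its filter rejected it, so both can be reported.
function registrationFilterDefinition(): array {
    return [
        // FILTER_DEFAULT keeps the raw string; escaping happens at output time
        // (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1).
        'user_name'  => FILTER_DEFAULT,
        'user_pass'  => FILTER_DEFAULT,
        'user_email' => FILTER_VALIDATE_EMAIL,
        'user_age'   => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 13, 'max_range' => 120], // range, not just integer-ness
        ],
    ];
}

// Returns [$clean, $errors]: $clean holds fields that passed, $errors maps a field
// name to 'missing', 'invalid' or 'empty'.
function validateRegistration(array $post): array {
    $data   = filter_var_array($post, registrationFilterDefinition());
    $clean  = [];
    $errors = [];
    foreach ($data as $field => $value) {
        if ($value === null) {
            $errors[$field] = 'missing';   // key absent from the submission
        } elseif ($value === false) {
            $errors[$field] = 'invalid';   // present but rejected by its filter
        } elseif ($value === '') {
            $errors[$field] = 'empty';     // FILTER_DEFAULT passes '' through, so check it
        } else {
            $clean[$field] = $value;
        }
    }
    return [$clean, $errors];
}

// "Escape output": HTML-encode at the point of display, whatever the input filter did.
function escapeForHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample submission: user_pass missing, email malformed, age not numeric.
$post = ['user_name' => 'alice<b>', 'user_email' => 'not-an-email', 'user_age' => 'abc'];
[$clean, $errors] = validateRegistration($post);
print_r($errors);
echo escapeForHtml($clean['user_name']), "\n";
```

Database writes still belong in a prepared statement; neither the input filter nor htmlspecialchars is a substitute for that.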