
security threats in php

pradeepjain
Hi guys,
I want to know what the major security loopholes in PHP are.

One major one being bad programming...

Thanks,
Pradeep
Sep 16 '08 #1
Markus
MySQL injection, cookies, sessions.

Not, of course, a problem with PHP, but a problem with the programmer.

If you, the programmer, know how to correctly program an application/webpage, you need not worry about *loopholes*.

Kind regards.
Sep 16 '08 #2
Atli
The biggest threat would probably be user input.
Always assume user input is meant to harm your server in some way and validate it accordingly.
That should take care of most threats.

Btw, I count Sessions, Cookies and stuff like the User Agent and Referrer variables as user input. Everything the browser provides can be manipulated by the user.
Sep 16 '08 #3
pbmods
I coulda sworn we had another thread about this somewhere....

The rule of thumb when dealing with Users:
  1. Validate input.
  2. Escape output.

Validate Input

To achieve the former, follow three simple rules:
  1. Don't trust the User
  2. Don't trust the User
  3. Don't trust the User

There is a fourth rule (Don't trust the User), but I left it off to avoid redundancy.

What do I mean by that? In a nutshell: $_POST['itemid'] is not an integer, $_POST['email'] is a phone number, $_GET['username'] probably contains malicious SQL code.

Joel Spolsky explores using Hungarian notation to make unsafe User input obvious (http://www.joelonsoftware.com/articles/Wrong.html), but you can just as easily solve the problem by building good habits.

Never use superglobals in any of your code. Always clean them as soon as you get them:

[PHP]<?php
// Cast to the type you expect; anything that is not an integer becomes 0.
$itemid = (int) $_POST['itemid'];
// validate_email() stands for whichever email validator you use (not defined in this post).
$email = validate_email($_POST['email']);
// mysqli_real_escape_string() takes the connection first, then the string to escape.
$username = mysqli_real_escape_string($conn, $_GET['username']);

/** UNSAFE */
$query = "SELECT ... WHERE `Username` = '{$_GET['username']}' ...";

/** SAFE */
$query = "SELECT ... WHERE `Username` = '{$username}' ...";
?>[/PHP]
SQL injection is perhaps the most spectacular vulnerability that can be exploited when a programmer fails to validate input, but you might also encounter oddness when, for example, processing payment data, sending requests to web services and other processes that involve sending or storing User input.

Escape Output

Always escape anything that gets output by your application. The majority of the time (escaping content for the User's web browser), you can achieve this using the built-in htmlentities() function (http://php.net/htmlentities).

Escaping output thwarts vile XSS attacks and prevents oddly-formatted User input from breaking your HTML.

Note that you won't always find yourself escaping data for HTML. When sending data to a web-service, be sure to XML-escape any tag values that you send (htmlentities() can handle this just fine).

If you are generating a CSV file, you need to escape commas, and so on.

Output escaping can also be used to improve the quality of your User experience. For example, when outputting a value that should be a phone number, run it through a function that formats it in (###) ###-#### format (watch out for international phone numbers!).
Sep 17 '08 #4
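The validate-then-escape rule from the post above, worked through as an added example that is not part of this thread: the field names, the helper functions and the sample request are all constructed for the example, and the escaping function is chosen per output context (HTML, XML, CSV) rather than applied once.

```php
<?php
// Added example (not from the thread): "validate input, escape output" applied to
// one form submission, with the escaping routine chosen per output context.
// All input values below are constructed sample data.

// Validate each field against the type it is supposed to be; anything else becomes false.
function clean_request(array $post): array {
    $itemid = filter_var($post['itemid'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $email  = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    // Username: an allow-list of characters, instead of escaping whatever arrives.
    $name = (string) ($post['username'] ?? '');
    $username = preg_match('/^[A-Za-z0-9_]{3,32}$/', $name) ? $name : false;
    return ['itemid' => $itemid, 'email' => $email, 'username' => $username];
}

// HTML body or attribute: neutralises <, >, &, " and '.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// XML text node or attribute (e.g. a web-service request): ENT_XML1 restricts the
// output to the five entities XML defines, so the document stays well-formed.
function esc_xml(string $s): string {
    return htmlspecialchars($s, ENT_XML1 | ENT_QUOTES, 'UTF-8');
}

// CSV cell: the field is quoted and embedded quotes are doubled (RFC 4180 style);
// fputcsv() does this, with the escape character set to '' to disable PHP's
// backslash-escaping extension.
function to_csv_line(array $fields): string {
    $fh = fopen('php://memory', 'r+');
    fputcsv($fh, $fields, ',', '"', '');
    rewind($fh);
    $line = stream_get_contents($fh);
    fclose($fh);
    return $line;
}

// Constructed, deliberately malformed request.
$sample = [
    'itemid'   => '42abc',
    'email'    => '555-1234',
    'username' => "o'brien",
    'comment'  => '<b onclick="x">hi</b>, "quoted", value',
];
var_dump(clean_request($sample));            // every field is false: rejected, not "cleaned"

echo esc_html($sample['comment']), "\n";     // &lt;b onclick=&quot;x&quot;&gt;hi&lt;/b&gt;, &quot;quoted&quot;, value
echo esc_xml($sample['comment']), "\n";
echo to_csv_line([$sample['comment'], 'next']); // "<b onclick=""x"">hi</b>, ""quoted"", value",next
```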
pradeepjain
I generally use
[PHP]<?php
// Recursively HTML-escape every value in an array (e.g. a database row)
// before it is echoed into a page.
function htmlspecialchars_array($arr = array()) {
    $rs = array();
    // each() was removed in PHP 8; foreach does the same job.
    foreach ($arr as $key => $val) {
        if (is_array($val)) {
            $rs[$key] = htmlspecialchars_array($val);
        } else {
            $rs[$key] = htmlspecialchars($val, ENT_QUOTES);
        }
    }
    return $rs;
}
$array = htmlspecialchars_array($array);
?>[/PHP]


before fetching data from the database. And before inserting into the database I use this script

[PHP]<?php
// Recursively escape every value for use inside a quoted SQL string literal.
// mysql_real_escape_string() belongs to the old mysql extension (PHP 5) and
// needs an open connection.
function sanitize($input) {
    if (is_array($input)) {
        $output = array(); // initialise, so an empty array returns array() rather than null
        foreach ($input as $k => $i) {
            $output[$k] = sanitize($i);
        }
    } else {
        // Undo magic_quotes' automatic backslashes first so the value is not escaped twice
        // (the function no longer exists in PHP 8, hence the guard).
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $output = mysql_real_escape_string($input);
    }
    return $output;
}
$_POST = sanitize($_POST);
?>[/PHP]


Is there any script to use, so as to ensure secure data injection into the database?


thanks,
pradeep
Sep 17 '08 #5
Markus
(quoting pradeepjain's post #5 above in full)
As long as you mysql_real_escape_string() your input you will be fine.
Sep 17 '08 #6
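An added example, not from the thread and not what either poster used: the insert that pradeepjain's sanitize() script prepares for, done instead with a PDO prepared statement, which sends each value separately from the SQL text so neither escaping nor magic_quotes handling is involved. It assumes an SQLite-backed PDO so it runs offline, and constructs its own sample POST data.

```php
<?php
// Added example (not from the thread): storing form input through a prepared
// statement. The driver binds values separately from the query text, so a quote
// or backslash in the data cannot alter the statement. Uses an in-memory SQLite
// database for the demo; for MySQL, swap the DSN for "mysql:host=...;dbname=...".

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)');
    return $db;
}

// Validate first (type and length), then bind; no escaping step on this path.
function add_user(PDO $db, array $post): int {
    $username = trim((string) ($post['username'] ?? ''));
    $email    = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($username === '' || strlen($username) > 64 || $email === false) {
        throw new InvalidArgumentException('rejected input');
    }
    $stmt = $db->prepare('INSERT INTO users (username, email) VALUES (:u, :e)');
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->bindValue(':e', $email, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Lookups use the same mechanism: the value is a parameter, never part of the SQL.
function find_user(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = open_db();
// Constructed sample $_POST: the quote and backslash are stored and read back literally.
$id  = add_user($db, ['username' => "O'Brien\\test", 'email' => 'ob@example.com']);
$row = find_user($db, "O'Brien\\test");
if ($row === null || (int) $row['id'] !== $id) {
    throw new RuntimeException('round trip failed');
}
echo $row['username'], "\n";   // O'Brien\test
```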
