Note on a PHP Security

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: egami, macek, gesf

Post Reply
User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2213
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Fri Dec 31, 2004 10:06 am

This information has been taken from PHP.net:

-----------------------------------------------------------------------------

A Note on Security in PHP
[31-Dec-2004] PHP is a powerful and flexible tool. This power and flexibility comes from PHP being a very thin framework sitting on top of dozens of distinct 3rd-party libraries. Each of these libraries have their own unique input data characteristics. Data that may be safe to pass to one library may not be safe to pass to another.

A recent Web Worm known as NeverEverSanity exposed a mistake in the input validation in the popular phpBB message board application. Their highlighting code didn't account for double-urlencoded input correctly. Without proper input validation of untrusted user data combined with any of the PHP calls that can execute code or write to the filesystem you create a potential security problem. Despite some confusion regarding the timing of some unrelated PHP security fixes and the NeverEverSanity worm, the worm didn't actually have anything to do with a security problem in PHP.

When we talk about security in a web application we really have two classes. Remote and Local. Every remote exploit can be avoided with very careful input validation. If you are writing an application that asks for a user's name and age, check and make sure you are only getting characters you would expect. Also make sure you are not getting too much data that might overflow your backend data storage or whatever manipulation functions you may be passing this data to. A variation of the remote exploit is the XSS or cross-site scripting problem where one user enters some javascript that the next user then views.

For Local exploits we mostly hear about open_basedir or safemode problems on shared virtual hosts. These two features are there as a convenience to system administrators and should in no way be thought of as a complete security framework. With all the 3rd-party libraries you can hook into PHP and all the creative ways you can trick these libraries into accessing files, it is impossible to guarantee security with these directives. The Oracle and Curl extensions both have ways to go through the library and read a local file, for example. Short of modifying these 3rd-party libraries, which would be difficult for the closed-source Oracle library, there really isn't much PHP can do about this.

When you have PHP by itself with only a small set of extensions safemode and open_basedir are generally enough to frustrate the average bad guy, but for critical security situations you should be using OS-level security by running multiple web servers each as their own user id and ideally in separate jailed/chroot'ed filesystems. Better yet, use completely separate physical servers. If you share a server with someone you don't trust you need to realize that you will never achieve airtight security.

--------------------------------------------------------------------------

I recommend everyone to take a look at their configurations and security levels to minimize the chance of being hacked..
Best Regards,
Alexej Kubarev
-------------------------------
Zend Certified Engineer
Image Image

User avatar
j4012345
New php-forum User
New php-forum User
Posts: 21
Joined: Sun Feb 14, 2016 10:57 am

Sun Feb 14, 2016 11:45 am

phpBB did they make an update script for this php security risk?

User avatar
khan1danish
New php-forum User
New php-forum User
Posts: 11
Joined: Wed Mar 06, 2019 3:57 am
Location: India
Contact:

Mon Apr 15, 2019 4:10 am

Today the technology has evolved so much that it has become a challenge to control and prevent its misuse. Hacking, over the years, has destroyed many companies and now is considered as one of the major drawbacks of the digital platform. In order to secure their networks from a malicious hacker, ethical hacking is being practiced by the companies. Ethical Hacking is a practice adopted by millions of companies today in order to protect their networks. Candidates can join the Best Ethical Hacking Training to understand each and every aspect of this practice.
There is a very fine line between malicious hacker and an ethical hacker. A malicious hacker enters the network without the permission of the owner and disturbs the setting and the data present in the system. Hacking has resulted in a monetary loss for various organizations along with reputation, data and customer loss. Ethical Hacking is also known as Penetration Testing where the ethical hacker enters the owner's network with their due permission in order to make the network more secure. The primary responsibility of an ethical hacker is to find out the loopholes in the security of the network and rectify them immediately so as to prevent a malicious hacker from entering the system. Ethical Hacker follows the same footsteps as the malicious hacker would use to detroit the security of any network, the only difference is with the intention of the two. The requirement for an ethical hacker is only going to increases with the advancement in technology; therefore, aspirants must join the Best Ethical Hacking Course in Noida.
Danish Khan
Marketing Executive at KVCH Academy

Post Reply