
SYSTEM SECURITY EMERGENCY!!!

Postby jami045 » Fri Jun 27, 2003 10:22 pm

Hello my php'ers, I have a problem with the security of a system I am trying to develop, and it is the following: I have no idea of how to authenticate who is sending the POST vars to my script, and I am worried someone could "Save As" the introduction form and introduce unwanted info in my system. Does anyone have ideas about how to authenticate the sending form or URL? I need this urgently so I will be grateful to anyone that answers my question...

In other words, how can I know if it was my own submission form or a hacking copy of my form who sent the $HTTP_POST_VARS['foo'] to my script????

I am worried someone is introducing data from an unwanted location or machine violating my security capabilities.

Some ideas of how to secure my script?
jami045
New php-forum User
Posts: 2
Joined: Fri Jun 27, 2003 9:38 pm

Postby liquedus » Sat Jun 28, 2003 4:31 am

Maybe use sessions to verify that someone has a valid session from your site, otherwise reject the info.

Or maybe check HTTP_REFERER.

Just a thought. :)
liquedus
php-forum Active User
Posts: 266
Joined: Tue Apr 08, 2003 5:18 am
Location: Ottawa, Canada

Postby jami045 » Sat Jun 28, 2003 8:11 am

THANK YOU!!, I made this code out and it works, I verify if the request method is POST, and if my host is in the HTTP_REFERER... I hope this helps people that had the same question as I did. :lol:

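Code:
<?php
// Reject POST requests whose Referer header does not point at this host.
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // The Referer header may be missing, so do not read it unguarded.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    // strpos() returns false when the host is absent from the referer.
    // 7 = strlen("http://"); an https:// referer puts the host at offset 8
    // and is therefore rejected by this check as well.
    $pos = strpos($referer, $_SERVER['HTTP_HOST']);
    if ($pos > 7 || !$pos) {
        die(""); // or maybe EXIT;
    }
}
?>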
jami045
New php-forum User
Posts: 2
Joined: Fri Jun 27, 2003 9:38 pm

Postby mike » Fri Jul 04, 2003 6:32 pm

I will also suggest HTTP_REFERER... it's simple and great :wink:
mike
New php-forum User
Posts: 73
Joined: Sun May 04, 2003 4:26 am
Location: Athens
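
The session-based check suggested in the thread, written out as an added example (not code from any of the posters): the form is served with a random token kept in the visitor's session, and the receiving script accepts the POST only if the same token comes back. Unlike the Referer header, which the client supplies and may omit, the token is known only to the server and the page it served. The function names and the form_token field are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example, not from the thread. Function names and the 'form_token'
// field/key are hypothetical. Requires PHP 7+ (random_bytes, hash_equals).

// Called when rendering the form: store a fresh random token in the session
// and return it so it can be embedded in a hidden <input>.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Called by the script that receives the POST: accept only if the submitted
// token matches the one stored in this visitor's session.
function check_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    $given = $post['form_token'] ?? '';
    unset($session['form_token']);   // single use: a replayed token fails
    return is_string($given) && $expected !== ''
        && hash_equals($expected, $given);
}

// --- Constructed demo. In a real page call session_start() and pass
// $_SESSION and $_POST instead of these arrays. ---
$session = [];
$token = issue_form_token($session);
echo '<input type="hidden" name="form_token" value="',
     htmlspecialchars($token), '">', "\n";

// Submission from the form we just served, then the same token replayed.
$genuine = ['foo' => 'bar', 'form_token' => $token];
var_dump(check_form_token($session, $genuine));
var_dump(check_form_token($session, $genuine));

// A second visitor's session: a saved copy of the form carries a token
// that does not belong to it, and a hand-built POST carries none.
$session2 = [];
issue_form_token($session2);
$saved_copy = ['foo' => 'bar', 'form_token' => 'stale-or-guessed'];
var_dump(check_form_token($session2, $saved_copy));
var_dump(check_form_token($session2, ['foo' => 'bar']));
```

Only the first var_dump reports true; the replay, the saved copy and the token-less POST are all rejected.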
