One of a web developer’s biggest issues: security. If you don’t want your data stolen or your user’s redirected to other sites, there’s a lot of things you must go through to correct these problems.
One of the best ways I find to be able to make a secure website is to try and find possible insecurities in OTHER websites (AKA, hacking). Try and go to a website and put a few hours into finding a security problem. Maybe your website isn’t secure against this?
Part 1 – SQL Injections
SQL Injections are one of a programmer’s biggest nightmares. SQL Injections can be used to steal, delete, or edit data that is supposed to be protected. Like you can use SQL for your websites, SQL might also be able to be injected into your code. Let’s take a normal login form, for instance:
<form method="post"> <label for="username">Username:</label><input type="text" name="username" id="username" /> <label for="password">Password:</label><input type="password" name="pass" id="password" /> </form>
This simple little script will give us a login form. Now the PHP side of things will do something like so:
<?php$username = $_POST['username'];$password = $_POST['pass'];$user = mysql_fetch_array( mysql_query( "SELECT `id` FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}' LIMIT 1" ) );?>
Simple enough, right? Maybe you encrypt your password (which we will talk about in another part), but that’s beside the point.
The Problem:
Now a hacker would enter something like this into the username field: ‘ OR ’1′ = ’1′# and then the query would look like so: SELECT `id` FROM `users` WHERE `username` = ” OR ’1′ = ’1′#’ AND `password` = ‘{$password}’ LIMIT 1
This would allow the hacker to access accounts without even having a password to the account. The # escapes the rest of the query so that SQL doesn’t take it into account.
The Fix
Now to fix this problem we have to “escape” the data. In PHP, a “\” before an apostrophe. I use a global clean so I don’t forget to clean out any inputs. This cleans out ALL cookie, session, POST, GET, and REQUEST data.
The Function:
function Clean( $var ){if( is_array( $var ) ){foreach( $var as $key => $val ){$var[$key] = $this->Clean( $val );}}elseif( is_string( $var ) ){$var = str_replace( '\&', '&', escapeshellcmd( htmlentities( $var ) ) );}else return;return $var;}
This function grabs $var and cleans all of its values, returning the sanitized variable. The escapeshellcmd( ) function cleans different SQL-dangerous values,while the htmlentities( ) function cleans things like “<” or “>” (HTML Entities). The use of the Clean( ) function:
This example will clean all inputs to DB friendly values! This also cleans out things like <script> or <a> that could possibly lead to dangerous outputs.$check = array( '_ENV', '_GET', '_POST', '_FILES', '_COOKIE', '_REQUEST', '_SESSION' ); foreach( $check as $key => $elm ) { ${$key} = Clean( ${$key}); }
Up Next: PHP Security: Part 2 – Protecting vulnerable files
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.