hi,

well, there are a lot of articles on the internet...
however, i bought a book... it really helped a lot! :)

there are so many things developers can do wrong, but here is a listing of
the most important ones:

but the most important thing you can do is to check every variable for bad
characters...
with some special chars you can manipulate SQL-queries, open other files (on
the local system OR even on remote systems) or even execute some nice
bash-scripts...
(you can avoid such attacks, if you've set register_globals to Off)
i.e.
if you include a page in your securityhole1.php via http get/post vars:
<?php
// with register_globals On, $page is filled straight from the request
include($page);
?>
make sure the users can't enter something like this:
securityhole1.php?page=http://www.somewhere.else/badcode.php

the second important thing is to set the variables you need to a specific
value before you start using them, so that the users can't do something
they shouldn't do by setting the variable to a value via a get/post request:
i.e. securityhole2.php:
<?php
// $showstuff is never initialised, so with register_globals On the request
// can pre-set it before this check runs
if ($password == "topsecret") $showstuff = 'yes';
....some more code here....
if ($showstuff == 'yes') echo "well done...";
else echo "hahahahaha... you can't read this! hahahahaha....";
?>
in this case you can access secret information by using the following url:
securityhole2.php?showstuff=yes

it is also quite important to check numbers for their value (are they too high
/ low)...
i've experienced that you can slow down a webserver a lot if you send
multiple requests with number values that lead, e.g., to an infinite loop...
although php terminates the scripts after X seconds, it gives you the
possibility to run a lot of php scripts simultaneously! :)

Try to protect php scripts which you don't need to access directly, i.e.
with .htaccess files...
i.e.
store your libraries/templates in a directory and protect them with a
.htaccess like this:
----BEGIN OF .htaccess sample---
order deny,allow
deny from all
----END OF .htaccess sample---

there are also some important facts about file uploads... but for now, it's
quite late (3:15 in the morning...) and i'm quite tired...

there are even some more problems, especially by using the session
mechanisms....

i hope, this helps to fix the main security holes...

C ya and goood night to all of you... =0)

- Marco Weber -
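Hardened versions of the three patterns discussed in the post above (the include, the uninitialised flag and the unchecked number), as an added example that is not part of the original message; it assumes register_globals may still be On, so nothing is trusted from the global scope, and the "topsecret" check and the pages/ paths are placeholders.

```php
<?php
// Added example, not from the original post. Assumes register_globals may
// be On: every input is read explicitly from $_GET/$_POST, never from the
// global scope.

// 1. Includes: never build the path from user input. Map a short page name
//    to a fixed file through an allowlist, so "http://..." or "../" can't
//    reach include().
$allowedPages = array(
    'home'    => 'pages/home.php',     // placeholder paths
    'contact' => 'pages/contact.php',
);
$page = isset($_GET['page']) ? $_GET['page'] : 'home';
if (!isset($allowedPages[$page])) {
    $page = 'home';                    // unknown name -> safe default
}
include $allowedPages[$page];          // only values we wrote ourselves

// 2. Variable poisoning: initialise every flag before use, so
//    ?showstuff=yes in the URL can no longer pre-set it.
$showstuff = 'no';
$password  = isset($_POST['password']) ? $_POST['password'] : '';
if ($password === 'topsecret') {       // placeholder check, as in the post
    $showstuff = 'yes';
}
if ($showstuff === 'yes') {
    echo "well done...";
} else {
    echo "you can't read this!";
}

// 3. Numbers: validate and bound-check before using them as loop limits,
//    so one request cannot keep a script busy until the time limit.
function safeCount($raw, $min, $max)
{
    if (!ctype_digit((string) $raw)) {
        return $min;                   // not a plain integer -> default
    }
    $n = (int) $raw;
    return ($n < $min || $n > $max) ? $min : $n;
}
$rows = safeCount(isset($_GET['rows']) ? $_GET['rows'] : '10', 1, 100);
for ($i = 0; $i < $rows; $i++) {
    // at most 100 iterations, whatever the request says
}
?>
```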

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php