On Tue, Mar 12, 2002 at 05:42:12PM +0800, Jason Wong wrote:
> On Tuesday 12 March 2002 12:27, Analysis & Solutions wrote:
> 
> The source of the data *does* matter. That is why the latest releases of
> PHP (> 4.0.6) recommend having register_globals OFF by default.
> ... snip snip snip ...
> To see why the source of data matters, see the chapter "Security::Using 
> Register Globals"

The examples on that page are lame.  For example:

   if($HTTP_COOKIE_VARS['username']){
      // can only come from a cookie, forged or otherwise
      $good_login = 1;
      fpassthru ("/highly/sensitive/data/index.html");
   }

Naturally, just because someone submits a user name doesn't make their
submission valid.  I know, they're just using that as an example.  But,
in the real world, you need to first make sure the username submitted
fits within your expected parameters of length and character types.  
Plus, if you're about to put that user name into a query, make sure it
doesn't contain any characters which will trick the query.  Then, you need to
check that the user name is valid.  Then, and only then, would you
permit the user to get the sensitive data.  Regardless of where the data
comes from, all of those steps need to be taken.  Thus, it doesn't
matter where the data came from.


> But if you don't know where the data came from then it's not secure. Consider 
> a "real-life" example. Robin Hood steals the Sheriff's ATM card, and the 
> Sheriff stupidly enough has written the PIN onto the back of the card. Now 
> Robin can go and withdraw all the money from the Sheriff's account because 
> the ATM has no way of knowing that the card was stolen (it doesn't know where 
> the source of the data came from), all it knows is that the data is valid 
> (right card, right PIN).

Hmm.  You're correct.  At the same time, the point I'm trying to make is
not about the person transmitting the data, but rather, the means by
which they're doing so.  My issue is the thief would also be able to use
that PIN to (hypothetically, of course) access the Sheriff's account via
debit card purchases in stores, the bank's website and bank-by-phone
services.

Regardless of the means used to transmit the PIN, the bank still needs 
to ensure the data is clean before they perform the check to see if the 
PIN is the right PIN for that account.

Enjoy,

--Dan

-- 
                PHP scripts that make your job easier
              http://www.analysisandsolutions.com/code/
         SQL Solution  |  Layout Solution  |  Form Solution
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
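
The checks listed in the reply above (length and character types, query safety, then whether the user name exists), as an added example that is not part of the original message or the PHP manual. It assumes PHP 7.1+ with the PDO SQLite driver; the function names, the users table, the 3-32 character policy and the sample submissions are constructed for illustration, and a bound query parameter is used here for the query-safety step.

```php
<?php
declare(strict_types=1);

// Step 1: the submitted value must fit the expected length and character set.
// The 3-32 character [A-Za-z0-9_] policy is an assumption for this example.
function isWellFormedUsername($raw): bool
{
    return is_string($raw) && preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $raw) === 1;
}

// Steps 2 and 3: bind the value as a parameter so it cannot alter the query,
// then check that the user name actually exists.
function isKnownUsername(PDO $db, string $username): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchColumn() !== false;
}

// The same checks run on every value, whatever channel delivered it.
function mayAccess(PDO $db, $raw): bool
{
    return isWellFormedUsername($raw) && isKnownUsername($db, $raw);
}

// Constructed test data: an in-memory table with one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY)');
$db->exec("INSERT INTO users (username) VALUES ('sheriff')");

// Constructed submissions, labelled by the channel they arrived on.
$submissions = [
    ['cookie', 'sheriff'],               // well formed and known
    ['get',    'robin'],                 // well formed but unknown
    ['post',   "sheriff' OR '1'='1"],    // fails the character check
    ['cookie', ['sheriff']],             // array instead of a string
    ['get',    str_repeat('a', 200)],    // too long
];

foreach ($submissions as [$source, $value]) {
    $shown = is_string($value) ? substr($value, 0, 24) : gettype($value);
    printf("%-6s %-26s %s\n", $source, $shown, mayAccess($db, $value) ? 'allow' : 'deny');
}
```

Only the first submission passes every step; the others are rejected by the same code path whether they are labelled cookie, get or post.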
