Posted by Gordon on 01/13/08 12:10
On Jan 12, 6:15 pm, firewood...@yahoo.com wrote:
> I am trying to secure sites I am developing, and I am especially
> concerned about intruders gaining command-line access to my sites by
> penetrating my PHP code. I have no idea how someone would do that.
>
> My sites are in a shared hosting environment, and I know that is an
> intrinsically insecure situation. I guess I will just have to live
> with it. However, what methods would someone visiting my site use to
> get to the command line, without having an account on the same server?
> How can I guard against such intrusions?
The short of it: follow the Fox Mulder approach when it comes to
handling user input and trust no one.

The long of it: there are plenty of ways a PHP script could be
breached, but what may happen depends on the script itself and what
it's doing. Here are a few tips that can be applied in general:

Never trust user input. Always check that form variables are in the
correct format and are valid for what you're attempting to do with
them. One tip to do this quickly for integer values is to simply
apply intval() to them. Any invalid input will evaluate to 0.

Never pass an unsanitized string to a database query. The vast
majority of cracks in PHP apps occur this way. A malicious user could
potentially use a script that doesn't check its input before passing
it to a database to do almost anything: insert malicious data, expose
sensitive information, delete tables, anything. PDO prepared
statements are one way to limit the possibility of damage, but don't
depend on them as your only line of defence. Validate your data
first.

Give permission to your script to do what it has to do to work and
nothing else. If your script writes to the filesystem, allow it to
write only to locations you condone by chmodding directories.
Directories with a chmod value of 0777 are wide open. Create database
users for your application to use that have access only to what they
need.

Keep as much of your application out of web-facing locations as
possible. Of course the scripts that generate web page output must be
visible from the web, but there's no reason includes have to be.

Don't use filesystem commands (rmdir, unlink, fopen etc.) in your
scripts unless you absolutely have to. Unvalidated input passed to
commands that access or modify the filesystem can have dire
consequences. You risk exposing sensitive files like /etc/passwd or
damaging the filesystem in a way that will prevent the machine from
rebooting.

Under no circumstances should you use eval(), exec() or any
derivative thereof! ABSOLUTELY DON'T USE THEM WITH USER INPUT! eval()
and exec() are probably the most dangerous commands in the PHP command
set. I've managed in years of coding to never use either; if you think
you do need them, then think very carefully about your design, as it
might be a code smell that there's something fundamentally wrong with
what you're trying to do.
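As an added illustration of the reply's "validate first, then use prepared statements" advice (example code written for this page, not from the poster): the string-built query the reply warns against beside the validated, parameterised version. It assumes the pdo_sqlite extension is available; the `articles` table, its rows and the sample input are constructed for the demonstration.

```php
<?php
// Added example, not from the original post. Uses an in-memory SQLite
// database so it runs stand-alone; table, columns and rows are constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)');
$db->exec("INSERT INTO articles VALUES (1, 'Public post', 1), (2, 'Unpublished draft', 0)");

// UNSAFE: the raw request value becomes part of the SQL text, so the
// database parses whatever the visitor typed as part of the query and the
// "published = 1" restriction can be bypassed.
function fetchArticleUnsafe(PDO $db, string $rawId): array
{
    $sql = "SELECT id, title FROM articles WHERE published = 1 AND id = $rawId";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: validate first (the reply's intval() tip, tightened so that junk is
// rejected instead of silently becoming 0), then bind the value so the
// database only ever sees it as data, never as SQL.
function fetchArticleSafe(PDO $db, string $rawId): array
{
    // FILTER_VALIDATE_INT returns false for anything that is not a plain integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE published = 1 AND id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$hostile = '1 OR 1=1';                      // constructed sample of bad input
print_r(fetchArticleUnsafe($db, $hostile)); // returns both rows, draft included
try {
    fetchArticleSafe($db, $hostile);        // rejected before any SQL runs
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
print_r(fetchArticleSafe($db, '1'));        // only the public row
```

The validation step matters even with binding in place: a bound `0` from intval() on garbage is harmless to the database but still lets a malformed request reach your query logic, which is the reply's point about not relying on prepared statements alone.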