Re: PHP Passing Variables Between Pages and Security

Posted by Peter Fox on 11/17/44 11:39

Following on from Gordon Burditt's message...
>>Anything that can be seen can be hacked. So for example
>><a href="deleteuser.php?id=44">remove your record</a>
>>would be a seriously bad idea! Hidden fields are also useless in this
>>respect.
>
>I see nothing particularly wrong with:
>
>><a href="deleteuser.php?id=44">remove your record</a>
>
>*IF* you VALIDATE THE REQUEST when it is submitted. (That is, check
>that the user has the authority to remove the specific record he
>is trying to remove when it is submitted, *AGAIN*, don't just check
>when presenting the page with the link on it. If users have the
>authority to remove their own records only, mucking with the id=
>value will just get the request rejected.) And if you don't
>validate the request at the time it is submitted, someone will find
>another hole that's just as bad (e.g. guessing someone's "removal
>request ticket").

You are quite right that each and every request has to be validated on
its own merits.

But using ?REF=FOO
(a) Tells viewers what keys I'm using to identify records
(b) Is an invitation to hack here /and all other places/
(c) Can leak who/what/how many is in the system that may be private

Suppose for sake of argument we have a list of people that was
alphabetically loaded
1=Amos
2=Betty
3=Charlie
etc.
We may be happy to have this whole list public for most purposes, but
supposing we had a confidential reporting system and listed them
"(submitter wants to remain anonymous) Click for details"
with a href of ... EMPNO=4 ....
Then it doesn't take much savvy to work out that it was Dave who was
making the report even if we get rejected when clicking the link (or the
link target might anonymise and let us through 'safely').
OK, being an ace designer who never makes these mistakes :) _I_ wouldn't
use EMPNO here, but if not leaking information is important then err...
don't leak it.

[Something similar was used to break the Dutch ID card key.]

--
PETER FOX Not the same since the poster business went to the wall
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
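The two points argued in this post (re-check authority on the submitted request itself, and don't put the real record key in the link) as one small PHP example. This is added here and is not code from either poster; the in-memory `$users` array stands in for the database, and the function names `handle_delete`, `issue_ref` and `resolve_ref` are hypothetical.

```php
<?php
// Added example, not from the original thread. (1) deleteuser.php re-checks
// authority when the request arrives, so editing id= in the URL only gets the
// request rejected. (2) Links carry an opaque random token instead of EMPNO,
// so the href leaks neither the key nor who the anonymous submitter is.
declare(strict_types=1);

// Constructed sample data: the alphabetically loaded employee list.
$users = [
    1 => ['name' => 'Amos'],
    2 => ['name' => 'Betty'],
    3 => ['name' => 'Charlie'],
    4 => ['name' => 'Dave'],
];

// (1) Validate the request when it is submitted, not only when the page with
// the link was drawn. Returns an HTTP-style status; the caller sends the response.
function handle_delete(array $session, array $query, array &$users): int
{
    // No logged-in user: nothing to authorise against.
    if (!isset($session['user_id'])) {
        return 401;
    }
    // The id comes from the attacker-controlled URL: parse it strictly.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 400;
    }
    // Authorisation: a user may remove only their own record.
    if ($id !== $session['user_id']) {
        return 403;
    }
    if (!isset($users[$id])) {
        return 404;
    }
    unset($users[$id]);
    return 200;
}

// (2) Opaque references: hand out an unguessable token per record and resolve
// it server-side. A sequential EMPNO=4 in the href tells the viewer it was Dave;
// a 128-bit random token does not, and cannot be iterated to enumerate records.
// In a real application $refs is a database table, ideally with an expiry.
function issue_ref(int $id, array &$refs): string
{
    $token = bin2hex(random_bytes(16)); // 16 random bytes = 32 hex chars
    $refs[$token] = $id;                // server-side map: token -> EMPNO
    return $token;
}

function resolve_ref(string $token, array $refs): ?int
{
    return $refs[$token] ?? null;       // unknown token: null, not a guess
}

// Demo: Betty (id 2) is logged in.
$session = ['user_id' => 2];

// Betty edits the link to target Dave's record: rejected at submission time.
assert(handle_delete($session, ['id' => '4'], $users) === 403);
// Non-numeric id: rejected before it reaches the database.
assert(handle_delete($session, ['id' => '2 OR 1=1'], $users) === 400);
// Her own record: allowed.
assert(handle_delete($session, ['id' => '2'], $users) === 200);
assert(!isset($users[2]));

// The anonymous report links to the details via a token, not EMPNO=4.
$refs  = [];
$token = issue_ref(4, $refs);
echo '<a href="report.php?ref=' . htmlspecialchars($token, ENT_QUOTES) . '">Click for details</a>', PHP_EOL;
assert(resolve_ref($token, $refs) === 4);
assert(resolve_ref('deadbeef', $refs) === null);
```

Note that the token only hides the key; `report.php` still has to run the same kind of authorisation check as `handle_delete` when the token is presented, since the post's first point applies to every request regardless of how the record is referenced.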
