Posted by OmegaJunior on 02/27/07 07:41

On Tue, 27 Feb 2007 01:04:42 +0100, shror <shahirwm@gmail.com> wrote:

>
> first thing
> I have tested the radio button when I added the entire <img> tag in
> its value part and it gave me errors because of the quotes like you said.
> But then I was trying and I removed the quotes and it's working great
> without any problem, it's looking like this,
>
> <input type="radio" value="<img src=/images/button1.png>"
> name="nature">
>
> it's really working fine

Excellent! What happens when your image name contains a space? Like '/images/the first button.png'?

>
>
> second thing
> about securing the form I have tested the file named 'veryhidden.txt'
> and it's not found, but I was wondering about what this file is and
> what the use of it is, how it's useful for a hacker.

As I said, you may not have a veryhidden.txt (especially since I made up the file name), but you will have a lot of other files, that may contain passwords or other sensitive info, or may show pictures you'd rather only show to people you select. Point is, that a hacker will take a look at your form, then at the gallery.php, and then will come up with a fairly simple way of getting it to show any file on your system.

They'd have to guess the file names, so let's guess... I expect your site to have an 'index.php', maybe an 'index.html', possibly a 'default.htm' and a 'default.asp' depending on the web server, probably a '.htaccess', and perhaps a '.htpwd' or '.htpassword' in case you've chosen to secure some of your directories. In case you're using a unix or linux server it's possible that your mail is in your directories as well.

Imagine what would happen if you'd be running a database system that requires you to log in with a user name and password. Some systems I know use a file named 'config.ini' or 'config.php' for storing such configurations. Imagine a hacker who happens to know or guess the system you use, and then requests your gallery.php to show the contents of that configuration file? They'd get immediate access to your password, user name, and path to the database.

>
>
> third
> I am working on finding a secure way for the forms and will sure get
> your opinion if you don't mind.

I don't mind at all.

Some things you can do:
1) Use an indexed file system, where you number your images, and you only pass the image numbers through your form. The gallery.php will then pick up the selected number and use it to fetch the accompanying picture. If you add a check to see whether the received number actually is a number and not just some text some hacker threw together, you'd be fairly safe.


2) If you insist on passing the actual directory and file names, you may want to apply an encoding (base-64 for instance, see the b64_encode() function) to obfuscate the names in the form. Then decode the names in the form handler (using b64_decode() for instance) AND check to see whether the wanted file exists in a directory of your liking (see the real_name() and basedir() functions), AND check to see whether it's an image file and not something else.

>
>
> fourth and finally for now is
> to thank you for your detailed answers and your help for now and
> later :D

Much obliged! I hope it helps!



-- 

Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
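The two approaches from the reply above (numbered images with an integer check, and base64-encoded names that are decoded, confined to one directory and checked to be an image), written out as a hardened gallery.php. This is an added example, not code from anyone in the thread; it assumes the pictures live in an images/ directory beside the script, and it uses the real PHP functions base64_decode() and realpath() where the reply refers to b64_decode() and real_name().

```php
<?php
// Added example (not the original poster's code). Assumes images live in
// ./images next to this script; adjust $baseDir for a real deployment.
declare(strict_types=1);

$baseDir = realpath(__DIR__ . '/images');
$allowedExt = ['png', 'jpg', 'jpeg', 'gif'];

if ($baseDir === false) {
    http_response_code(500);
    exit('Image directory missing');
}

/**
 * Approach 1: the form only passes a number. It is validated as a plain
 * non-negative integer and looked up in a server-side list, so the client
 * never names a file at all.
 */
function imageById(string $baseDir, array $allowedExt, string $raw): ?string
{
    // ctype_digit rejects "", "12abc", "-1", "../" and similar outright.
    if (!ctype_digit($raw)) {
        return null;
    }
    $index = [];
    foreach (scandir($baseDir) as $entry) {          // sorted, deterministic
        $ext = strtolower(pathinfo($entry, PATHINFO_EXTENSION));
        if (is_file("$baseDir/$entry") && in_array($ext, $allowedExt, true)) {
            $index[] = $entry;
        }
    }
    return $index[(int) $raw] ?? null;               // out of range -> null
}

/**
 * Approach 2: the form passes a base64-encoded relative file name. Decoding
 * is only obfuscation, so the decoded value is treated as untrusted: it is
 * resolved with realpath(), confined to $baseDir, and checked to be an image.
 */
function imageByEncodedName(string $baseDir, array $allowedExt, string $encoded): ?string
{
    $name = base64_decode($encoded, true);           // strict: malformed -> false
    if ($name === false || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $path = realpath($baseDir . '/' . $name);        // resolves ../ and symlinks
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Confinement: the resolved path must start with "$baseDir/".
    $prefix = $baseDir . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null;
    }
    // Check the content, not just the name: getimagesize() fails on non-images
    // such as a config.php renamed to look like a picture.
    if (@getimagesize($path) === false) {
        return null;
    }
    return $path;
}

function sendImage(string $path): void
{
    $info = getimagesize($path);
    header('Content-Type: ' . $info['mime']);
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}

$path = null;
if (isset($_GET['id'])) {                            // approach 1
    $name = imageById($baseDir, $allowedExt, (string) $_GET['id']);
    $path = $name === null ? null : "$baseDir/$name";
} elseif (isset($_GET['img'])) {                     // approach 2
    $path = imageByEncodedName($baseDir, $allowedExt, (string) $_GET['img']);
}

if ($path === null) {
    http_response_code(404);                         // same answer for every failure
    exit('No such image');
}
sendImage($path);
```

For approach 2 the form would emit `value="<?= base64_encode('button1.png') ?>"` rather than the raw name. Every rejection returns the same 404, so a probe learns nothing about which check it tripped, and the prefix comparison is done on the realpath() result, not on the string the client sent, which is what stops `..` and symlink tricks the reply warns about.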
