Posted by Gordon Burditt on 10/24/72 11:40
>Let's say I've a page which is called with arguments a, b and c
>
>test.php?a=val_a&b=val_b&c=val_c
>
>but, I don't want to allow anyone to modify either val_a, val_b or
>val_c
>
>I thought it would be a good idea, to add another argument which could
>combine (through some algorithm) val_a, val_b and val_c, and check it
>every time the page is called.

Try this: combine a, b, c, and some secret string into one string.
(e.g. concatenate them in a specific order with comma separators).
Compute a hash (e.g. md5()) of this string. This is your
additional argument. Check them the same way.

Since your secret string never leaves the server, the attacker
doesn't know it (even if he does know the method used to construct
the hash). It's supposed to be difficult to generate collisions
(two different strings that have the same hash).

Some warnings: be sure that there aren't other ways of constructing
your combination string. For example, with comma separators, someone
could change

    a=1,2 b=3 c=4

to

    a=1 b=2,3 c=4

and keep the same hash, so it's a good idea to use a separator that
can't be a legitimate part of the string. Beware of HTTP munging
the arguments (e.g. going out a had the value a singlequote b
and coming back in it might have the value a percentsign 2 7 b)
which will mess up your hash.

Realize that an attacker can replay any combination of arguments you've
ever generated a hash for if they can sniff your server traffic.

Gordon L. Burditt
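
The scheme described in the post above, as an added example that is not part of the original post or the poster's own code. It swaps in HMAC-SHA256 via hash_hmac() for the md5()-of-concatenation the post mentions, and uses length-prefixed fields instead of a separator to close the "1,2 / 3" versus "1 / 2,3" ambiguity. The secret value and all function names are assumptions made for illustration.

```php
<?php
// Constructed placeholder secret (assumption); load the real one from server-side config.
const SECRET = 'example-secret-not-for-production';

// Comma-joined string as in the post's warning, kept only to show the ambiguity.
function naive_canonical(array $p): string {
    return implode(',', [$p['a'], $p['b'], $p['c']]);
}

// Each value is prefixed with its byte length, so no value can shift a field boundary.
function canonical(array $p): string {
    $out = '';
    foreach (['a', 'b', 'c'] as $k) {
        $v = (string)($p[$k] ?? '');
        $out .= $k . ':' . strlen($v) . ':' . $v . ';';
    }
    return $out;
}

function sign(array $p): string {
    return hash_hmac('sha256', canonical($p), SECRET);
}

// hash_equals() compares in constant time; the server-computed value goes first.
function verify(array $p, string $sig): bool {
    return hash_equals(sign($p), $sig);
}

// http_build_query() percent-encodes and PHP decodes again on the way in,
// so the signature is always computed over the decoded values.
function signed_url(string $page, array $p): string {
    return $page . '?' . http_build_query($p + ['sig' => sign($p)]);
}

// Constructed sample values taken from the post's comma example.
$orig     = ['a' => '1,2', 'b' => '3', 'c' => '4'];
$tampered = ['a' => '1', 'b' => '2,3', 'c' => '4'];

var_dump(naive_canonical($orig) === naive_canonical($tampered)); // do the comma-joined strings collide?
var_dump(verify($orig, sign($orig)));      // untouched arguments against their own signature
var_dump(verify($tampered, sign($orig)));  // shifted arguments against the original signature

// Round trip through URL encoding with a single quote in a value (the post's munging case).
$q = ['a' => "a'b", 'b' => 'x', 'c' => 'y'];
parse_str(parse_url(signed_url('test.php', $q), PHP_URL_QUERY), $back);
var_dump(verify($back, (string)($back['sig'] ?? '')));
```

A signed URL still verifies every time it is presented, so the replay caveat in the post applies to this example unchanged.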