WebApp Sec mailing list archives
RE: Ten Security Checks for PHP, Part 1
From: "Michael Howard" <mikehow () microsoft com>
Date: Fri, 21 Mar 2003 16:42:17 -0800
Aaarrrgggg...
> // $page is a variable from the URL
> include($page);
>
> The user could set the $lib_dir or $page variables and include files such as /etc/passwd or remote files such as http://www.some-site.com/whatever.php with malicious code. This malicious code could potentially delete files, corrupt databases, or change the values of variables used to track authentication status.
>
> What to Look For
> Search code for the following functions: readfile fopen file include require
This is just wrong. The security issue is NOT THESE FUNCTIONS - it's the data, the fact that $page is untrusted is the issue.... Check the data.... If the data is untrusted, then validate it is correctly formatted, correct and safe, and then call the functions you need to get the job done...

Cheers, Michael
Secure Windows Initiative
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp

-----Original Message-----
From: Bob Auger [mailto:bauger () spidynamics com]
Sent: Friday, March 21, 2003 1:39 PM
To: webappsec () securityfocus com

I found this linked from net-security.org today. Probably of interest to the list.
http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html

- Robert A.
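The point in the reply above is that the dangerous thing is not include() but the untrusted $page that reaches it. The following is an added example, not code from the thread or from the OnLamp article, showing the quoted vulnerable form next to a version that validates the data first. The directory name, the allowlist entries and the function names are hypothetical.

```php
<?php
// Added example, not part of the original thread.
// Assumes includable pages live under a fixed directory (PAGES_DIR) and
// that the allowlist below is maintained by the developer, not by requests.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages'; // hypothetical location

// Vulnerable form as quoted in the thread: $page comes straight from the URL.
// ?page=../../../../etc/passwd reads a local file; with allow_url_include on,
// ?page=http://www.some-site.com/whatever.php runs remote code.
function includePageUnsafe(string $page): void
{
    include $page;
}

// Validate the data, not the function. The request value is only accepted if
// it exactly matches a key in a fixed allowlist, and the path that is finally
// included is built from the allowlist value, never from the raw request.
const PAGE_ALLOWLIST = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolvePage(?string $requested): ?string
{
    if ($requested === null) {
        return PAGES_DIR . '/' . PAGE_ALLOWLIST['home'];
    }
    // Exact-match lookup: no "cleaning up" of ../, null bytes or URL schemes,
    // because a value that is not on the list is simply refused.
    if (!array_key_exists($requested, PAGE_ALLOWLIST)) {
        return null;
    }
    return PAGES_DIR . '/' . PAGE_ALLOWLIST[$requested];
}

// Where an allowlist is impractical, the next best check is a strict format:
// a short, lowercase, alphanumeric name with no separators at all.
function isWellFormedPageName(string $name): bool
{
    return preg_match('/\A[a-z0-9_]{1,32}\z/', $name) === 1;
}

// Belt and braces: even after the allowlist, confirm the resolved path is an
// existing regular file that really sits inside PAGES_DIR before including it.
function includePageSafe(?string $requested): bool
{
    $path = resolvePage($requested);
    if ($path === null) {
        return false;
    }
    $real = realpath($path);
    $base = realpath(PAGES_DIR);
    if ($real === false || $base === false || !is_file($real)
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    include $real;
    return true;
}

// Front controller: unknown or malformed page names get a 404, never an include.
$requested = $_GET['page'] ?? null;
if ($requested !== null && !isWellFormedPageName($requested)) {
    $requested = '';   // forces the allowlist lookup to fail
}
if (!includePageSafe($requested)) {
    http_response_code(404);
    echo 'No such page';
}
```

Note that neither check touches include() itself; both operate on the value before it is used, which is the "check the data" approach the reply argues for. Grepping for readfile/fopen/include/require is still useful as a way to find the places where untrusted data might arrive, but the fix always lands on the data path, not on the function.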
Current thread:
- Ten Security Checks for PHP, Part 1 Bob Auger (Mar 21)
- <Possible follow-ups>
- RE: Ten Security Checks for PHP, Part 1 Michael Howard (Mar 22)
- RE: RE: Ten Security Checks for PHP, Part 1 {Very usefull sugestions....} Ing. Bernardo Lopez (Mar 23)
- Re: Ten Security Checks for PHP, Part 1 Sverre H. Huseby (Mar 23)
- RE: Ten Security Checks for PHP, Part 1 Michael Howard (Mar 23)