PHP is in fact one of the most popular programming languages for creating web applications. What makes it so popular is its easy integration with the MySQL database. Sometimes a feature-friendly language can help the programmer too much: security holes creep in and cause a serious security lapse.
Here are a few tips that can ensure the security of your application at a beginner's level and help you avoid some common security pitfalls.
1) Error reporting: Error reporting has been one of the biggest allies of the programmer, but do not report errors to your visitors. You don't want your site to show error messages straight from the database to the users; that reveals the security pitfalls quite easily. To turn off error reporting, simply include the statement
error_reporting(0);
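As an added example (not code from the original post), the following configuration keeps errors away from the visitor while still recording them for the developer. Note that error_reporting(0) alone also silences the error log, so a production site loses its own diagnostics; the log path below is an assumed placeholder.

```php
<?php
// Added example: hide PHP errors from the browser, keep them in a server-side log.
ini_set('display_errors', '0');                 // never print errors into the HTML response
ini_set('log_errors', '1');                     // but still record them ...
ini_set('error_log', '/var/log/php/app.log');   // ... in a file outside the web root (assumed path)
error_reporting(E_ALL);                         // report everything to that log, including notices

// Turn a failed database call into a generic message for the user.
// The real cause (SQL text, host name, driver message) goes to the log only.
function failWithGenericMessage(string $detail): void
{
    error_log('Database failure: ' . $detail);
    http_response_code(500);
    echo 'Something went wrong. Please try again later.';
    exit;
}

// Usage with a constructed failure, in place of "or die(mysql_error())":
$result = false; // stands in for a query call that returned false
if ($result === false) {
    failWithGenericMessage('connection refused (constructed sample)');
}
```

With display_errors off, a broken query shows the visitor only the generic line; the table and column names stay in the log.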
2) Stop active scripts from taking over the data: A web application takes a number of user inputs and displays them in a number of other forms. Accepting raw HTML in those inputs can prove dangerous, because it lets JavaScript run in unintended ways, which makes hijacking cookies easy.
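One way to stop embedded scripts from running, as an added example that is not part of the original post: encode user-supplied text for the HTML context before echoing it back. The comment field and its sample value are constructed.

```php
<?php
// Added example: neutralise HTML and JavaScript in user input before it is displayed.
function escapeForHtml(string $value): string
{
    // ENT_QUOTES also encodes single quotes, so the result is safe inside attribute values;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: a comment that carries a script tag.
$comment = $_POST['comment'] ?? '<script>alert("xss")</script> Nice article!';

// Unsafe: the tag is written into the page and the browser executes it.
// echo '<p>' . $comment . '</p>';

// Safe: the browser shows the tag as text and runs nothing.
echo '<p>' . escapeForHtml($comment) . '</p>', "\n";
// <p>&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt; Nice article!</p>

// The same function protects attribute values, e.g. when refilling a form field.
echo '<input type="text" name="comment" value="' . escapeForHtml($comment) . '">', "\n";
```

Encode at output time, for the context the value lands in; stripping tags on input is not a substitute, because the same value may later be placed into an attribute or a script block where different characters matter.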
3) Validate: As an application takes inputs, it is safer to validate them at the user end than on the server side. For example, a library management application takes a Student ID as input to create a new user record, so you almost know the expected input for this field. Validating it as soon as it is entered is the better option.
A simple validation would be just:
if ( ! preg_match( '/^[0-9]{8}$/', $_GET['id'] ?? '' ) )
{
    // error reporting
    echo 'Please enter an 8-digit Student ID';
    exit;
}
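The snippet above checks one field. As an added example (not from the original post), the function below generalises it to a small whitelist validator for the new-user form of the library application; the field names and the e-mail rule are assumed. It runs in PHP on the server, as the post's own preg_match() does, because a check performed only in the browser can be skipped by the client.

```php
<?php
// Added example: whitelist validation of several form fields, returning every problem at once.
function validateNewUser(array $input): array
{
    $errors = [];

    // Student ID: exactly 8 digits, as in the post.
    // \A and \z are used instead of ^ and $, because in PCRE a trailing "$" still matches
    // before a final newline, so "12345678\n" would otherwise pass.
    if (!isset($input['id']) || !preg_match('/\A[0-9]{8}\z/', $input['id'])) {
        $errors['id'] = 'Please enter an 8-digit Student ID.';
    }

    // E-mail (assumed field): let PHP's filter do the syntax check.
    if (!isset($input['email']) || filter_var($input['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    }

    return $errors;
}

// Constructed sample request: a 9-digit ID and a malformed address.
$sample = ['id' => '123456789', 'email' => 'not-an-address'];
$errors = validateNewUser($sample);

if ($errors !== []) {
    foreach ($errors as $field => $message) {
        // Encode before echoing, even for our own messages, to keep the habit.
        echo htmlspecialchars($field . ': ' . $message, ENT_QUOTES, 'UTF-8'), "\n";
    }
    exit;
}
// From here on $sample['id'] is known to be exactly 8 digits.
```

Reject anything that does not match the expected shape rather than trying to strip out bad characters; a whitelist is easier to reason about than a list of things to remove.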
4) Session ID protection
Session ID hijacking can be a problem with PHP websites. The PHP session tracking component uses a unique ID for each user's session, but if this ID becomes known to another user, that person can hijack the session and see information that should be confidential. Session ID hijacking cannot be completely prevented; you should know the risks so you can mitigate them.
5) Proper sessions: Even after a user has been validated and assigned a session ID, you should revalidate that user when he or she performs any highly sensitive action, such as resetting a password. Never allow a session-validated user to enter a new password without also entering the old one, for example. You should also avoid displaying truly sensitive data, such as credit card numbers, to a user who has only been validated by session ID.
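The two session points above (keeping the ID from leaking, and re-validating before sensitive actions) are shown together in this added example, which is not code from the original post. The cookie settings limit how an ID can be stolen; the password change requires the current password again and rotates the ID. Function names are assumed, and the two callables stand in for the application's own database access. The array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example: session cookie hardening plus re-authentication before a sensitive action.

// HttpOnly keeps the ID away from page scripts (the cookie-hijack route from tip 2),
// Secure keeps it off plain HTTP, SameSite keeps other sites from sending it along.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
session_start();

// Issue a fresh ID at login, so an ID observed before login is worthless afterwards.
function onSuccessfulLogin(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Change the password only if the caller also knows the current one.
// $lookupHash(int $userId): ?string  returns the stored password_hash() value.
// $storeHash(int $userId, string $hash): void  writes the new one.
function changePassword(
    string $currentPassword,
    string $newPassword,
    callable $lookupHash,
    callable $storeHash
): bool {
    if (!isset($_SESSION['user_id'])) {
        return false; // not logged in at all
    }
    $storedHash = $lookupHash($_SESSION['user_id']);
    if ($storedHash === null || !password_verify($currentPassword, $storedHash)) {
        return false; // wrong old password: a hijacked session alone is not enough
    }
    $storeHash($_SESSION['user_id'], password_hash($newPassword, PASSWORD_DEFAULT));
    session_regenerate_id(true); // rotate the ID again after the sensitive change
    return true;
}

// Usage with constructed in-memory storage in place of a database.
$store = ['42' => password_hash('old-secret', PASSWORD_DEFAULT)];
onSuccessfulLogin(42);
$ok = changePassword(
    'old-secret',
    'new-secret',
    function (int $id) use (&$store): ?string { return $store[(string) $id] ?? null; },
    function (int $id, string $hash) use (&$store): void { $store[(string) $id] = $hash; }
);
echo $ok ? "password changed\n" : "re-authentication failed\n";
```

The same pattern applies to other sensitive screens: ask for the password (or a second factor) again before showing card numbers or changing the e-mail address, and regenerate the ID whenever the user's privilege level changes.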
6) Prevent SQL injection
A SQL injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.
Here is the example:
$sql = "select username, password from users where username = '" . addslashes($_POST['username']) . "' and password = '" . md5($_POST['pwd']) . "'";
$query = mysql_query($sql) or die(mysql_error());
Even though addslashes() is already used, the query is still vulnerable to SQL injection. Here are some ways to avoid this threat:
1. Build your query with the sprintf() function before executing it with mysql_query().
2. Pass all POST / GET data through the mysql_real_escape_string() function before using it in your query.
Here is the example:
$username = mysql_real_escape_string($_POST['username']);
$password = md5($_POST['password']);
$sql = sprintf("select username, password from users where username = '%s' and password = '%s'", $username, $password);
$query = mysql_query($sql) or die(mysql_error());
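The mysql_* functions used above were removed in PHP 7. As an added example (not code from the original post), here is the same login query written with a PDO prepared statement: the SQL text and the values travel to the server separately, so there is no escaping step to forget or to apply with the wrong character set. The DSN and credentials are placeholders, and the password column is assumed to hold a password_hash() value rather than the md5() digest the post uses.

```php
<?php
// Added example: parameterised login query with PDO instead of string building.
$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4', // placeholder DSN
    'DB_USER',                                         // placeholder credentials
    'DB_PASSWORD',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,                  // use real server-side prepares
    ]
);

// Fetch the user row by name only; the password is checked in PHP, not in SQL.
function findUser(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT username, password FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]); // bound as a value, never spliced into the SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $user = findUser($pdo, $username);
    if ($user === null) {
        return false;
    }
    // password_verify() does a constant-time comparison against the stored hash.
    return password_verify($password, $user['password']);
}

// Constructed sample: a username containing a quote is handled like any other string,
// which is exactly why quote-based injection has nothing to break here.
$username = $_POST['username'] ?? "o'brien";
$password = $_POST['password'] ?? 'correct horse battery staple';

try {
    if (checkLogin($pdo, $username, $password)) {
        echo "welcome, " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "\n";
    } else {
        echo "invalid username or password\n"; // same message for both cases
    }
} catch (PDOException $e) {
    error_log('Login query failed: ' . $e->getMessage()); // detail to the log only (tip 1)
    echo "Something went wrong. Please try again later.\n";
}
```

Keeping the password comparison out of the SQL also means the query no longer depends on how the password was hashed, and the stored hash can be upgraded with password_needs_rehash() without touching the query.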
If you need help, let me know in the comments section. :)