One feature of PHP that can be used to enhance security is
configuring PHP with register_globals = off. By turning off
the ability for any user-submitted variable to be injected
into PHP code, you can restrict the amount of variable
poisoning a potential attacker may inflict.
While it does slightly increase the amount of effort required
to work with PHP, it has been argued that the benefits far
outweigh the effort.
Example 4-8. Working without register_globals=off
<?php
if ($username) { // can be forged by a user in get/post/cookies
    $good_login = 1;
}
if ($good_login == 1) { // can be forged by a user in get/post/cookies
    // readfile() takes a path; fpassthru() needs an open file handle
    readfile("/highly/sensitive/data/index.html");
}
?>
Example 4-9. Working with register_globals = off
<?php
if (!empty($HTTP_COOKIE_VARS["username"])) { // can only come from a cookie
    $good_login = 1; // cannot be forged by a user
    // readfile() takes a path; fpassthru() needs an open file handle
    readfile("/highly/sensitive/data/index.html");
}
?>
By using this wisely, it's even possible to take preventative
measures to warn when forging is being attempted. If you know
ahead of time exactly where a variable should be coming from,
you can check to see if submitted data is inappropriate.
Example 4-10. Detecting variable poisoning
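<?php
// Accept "username" only when it arrives in a cookie and in no other source.
if (!empty($HTTP_COOKIE_VARS["username"]) &&
    empty($HTTP_POST_VARS["username"]) &&
    empty($HTTP_GET_VARS["username"])) {
    $good_login = 1;
    // readfile() takes a path; fpassthru() needs an open file handle
    readfile("/highly/sensitive/data/index.html");
} else {
    // With register_globals off, the client address is read from the server array.
    mail("admin@example.com", "Possible breakin attempt", $HTTP_SERVER_VARS["REMOTE_ADDR"]);
    echo "Security violation, admin has been alerted.";
    exit;
}
?>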
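The check in Example 4-10 generalized to any variable name and expected source, as an added example that is not part of the original page. The function name fetch_from_source and the sample request arrays are hypothetical; the arrays stand in for $HTTP_COOKIE_VARS, $HTTP_GET_VARS and $HTTP_POST_VARS so the script runs from the command line.

```php
<?php
// Added example, not from the original page. All names here are hypothetical.

/**
 * Look up $name in the one source it is expected to come from and list
 * every other request source that also carries the same name.
 *
 * $sources maps a label ("cookie", "get", "post") to that source's array.
 * Returns array(value or null, labels of unexpected sources).
 * Presence alone counts as poisoning here; Example 4-10 tests truthiness.
 */
function fetch_from_source($name, $expected, array $sources)
{
    $unexpected = array();
    foreach ($sources as $label => $vars) {
        if ($label !== $expected && array_key_exists($name, $vars)) {
            $unexpected[] = $label;
        }
    }
    $value = null;
    if (!$unexpected && isset($sources[$expected][$name])) {
        $value = $sources[$expected][$name];
    }
    return array($value, $unexpected);
}

// Constructed request data for two cases.
$clean = array(
    'cookie' => array('username' => 'alice'),
    'get'    => array(),
    'post'   => array(),
);
$poisoned = array(
    'cookie' => array('username' => 'alice'),
    'get'    => array('username' => 'admin', 'good_login' => '1'),
    'post'   => array(),
);

foreach (array('clean' => $clean, 'poisoned' => $poisoned) as $case => $req) {
    list($user, $bad) = fetch_from_source('username', 'cookie', $req);
    if ($bad) {
        echo "$case: rejected, 'username' also sent via " . implode(', ', $bad) . "\n";
    } else {
        echo "$case: username taken from cookie: $user\n";
    }
}
```

The check establishes which request source a value arrived in, not that the value is genuine: a cookie is still supplied by the client.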