Secure PHP Programming for PHP beginners. - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Secure PHP Programming for PHP beginners.

  1. #11
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    dan_in_au: Thank you for your input and for the manual, as well as the example.. I appreciate it myself. However, and seeing as you're new here I just am looking to help prevent future problems, don't make it a habit of posting in threads with "blinking dates".. that would indicate that they are old and usually when someone posts in them, it's frowned upon and/or the users get mad. I appreciate your post here as it is filled with information that adds to the subect.. but I'm just giving you a heads-up for future references..

    Oh, and Welcome to AntiOnline!
    Space For Rent.. =]

  2. #12
    Junior Member
    Join Date
    Jan 2006
    Posts
    25
    to take advantage of this reactivated thread.
    PHP Code:
    function lenCheck$var$maxlen ) {
       if (
    strlen($var) &gt$maxlen) {
          return 
    false;
       } else {
          return 
    true;
       }

    this code is ok for this example.
    as a more correct practice the positive security model must be applied universally. a positive security model will allow what is specifically validated and fail everything else. in more complex structures this will result in failures instead of actionable exceptions and prevents many attack types unforeseen by the designer.

  3. #13
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Originally posted here by MS_Security
    to take advantage of this reactivated thread.
    PHP Code:
    function lenCheck$var$maxlen ) {
       if (
    strlen($var) &gt$maxlen) {
          return 
    false;
       } else {
          return 
    true;
       }

    this code is ok for this example.
    as a more correct practice the positive security model must be applied universally. a positive security model will allow what is specifically validated and fail everything else. in more complex structures this will result in failures instead of actionable exceptions and prevents many attack types unforeseen by the designer.
    You lost me, but I'd like to know what you were trying to say. Could you maybe give an example of how to make his example into what you describe?

  4. #14
    Junior Member
    Join Date
    Jan 2006
    Posts
    25
    if(specific condition) {success}
    else(everything else in the world including unforeseen events){failure}

    or in this case
    PHP Code:
    function lenCheck$var$maxlen ) { 
       if (
    strlen($var) <= $maxlen) { 
          return 
    true
       } else { 
          return else; 
       } 

    i said it makes little difference in this example but it is best practice. (high assurance programming languages place constraints on the variables that are checked every single time the variable is used to prevent problems that may arise from any type of corruption like magnetic fields or overheating processors.)

    if you always match what you want and fail everything else you will increase your odds of failing good data and decrease passing bad data. this is good because an exception will be less likely of resulting in an exposure and good data failing is easier to catch in test then bad data passing is.

  5. #15
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    Usually, people are using a negative security policy:
    attacks, which are known, are blocked.
    Hence, signatures or patches need to be updated regularly.
    However, since the time-frame to implement signatures/patches
    becomes smaller and smaller, this method seems to cease to be
    useful.


    The approach with a positive security policy requires
    initially more work (definition of "norm"-states), however
    protects from SQL injections, cross-site scriptings,
    parameter tampering, even zero-day exploits without
    any additional modifications of the existing infrastructure
    .
    Namely, the positive security policy blocks all activities
    which differ from the "norm".

    I think MS_Security's example shows the difference
    between the two point of views nicely...maybe you
    will return "false" rather than "else", and you may set
    a lower bound in addition (maybe strlen has been tampered),
    but otherwise


    Another ("artificial") Example:
    The user has to provide username/password ("myname", "mypass").
    If done without bad intentions, a naive dynamically created sql
    query would look like
    Code:
    select `id` from usertable where `username`='myname' and `password`='mypass';

    Obviously, the structure of this expression is quite different from
    Code:
    select `id` from usertable where `username`='%admin%' and `password`='mypass' OR 'x'='x';
    in the particular case of username="%admin%" and password="mypass' OR 'x'='x"

    (no idea whether this will lead to privilege escalation ...
    just an example ...)

    Using the first policy, you would check the user input strings
    (sanitised them for known bad characters) etc.etc.etc.
    Using the positive security policy, for the event "login of a user",
    you only would allow sql-queries which fulfil the given "norm"-state.

    Of course, such sql-injection scenarios can be circumvented with other
    techniques, often much more general, by removing some of the (many)
    necessary conditions for a successfull exploitation. For example by
    passing the parameters (strings) to a well-written database-procedure
    (simply eliminates dynamical sql), or by setting appropriate access controls
    on database level.

    Cheers.
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  6. #16
    Junior Member
    Join Date
    Nov 2003
    Posts
    7
    This is a small tip. Most of the time you can omit the .php.

  7. #17
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    this is an old thread

    most of the time you can omit them

    until some newb brings it back up..........


    Link the post to a new thread ...if you have something to offer...or a new query

    Just a tip

    note the flashing dates

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #18
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    MS_Security , you used the term:
    high assurance programming languages
    What does that mean?

    Is there an RFC that describes it?

    I don't understand why this thread was resurrected, or allowed to be.

    Can any Mod explain?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  9. #19
    Junior Member
    Join Date
    Jan 2006
    Posts
    25
    "high assurance programming language" typically means programming languages that supports the development of software that has been defined using z notation (iso13568). it can also be a subjective term to identify languages that place an emphasis on a tight relationship with correctness.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •