-
March 30th, 2006, 06:15 AM
#11
dan_in_au: Thank you for your input and for the manual, as well as the example.. I appreciate it myself. However, and seeing as you're new here I just am looking to help prevent future problems, don't make it a habit of posting in threads with "blinking dates".. that would indicate that they are old and usually when someone posts in them, it's frowned upon and/or the users get mad. I appreciate your post here as it is filled with information that adds to the subject.. but I'm just giving you a heads-up for future reference..
Oh, and Welcome to AntiOnline!
-
March 30th, 2006, 10:42 AM
#12
to take advantage of this reactivated thread.
PHP Code:
function lenCheck( $var, $maxlen ) {
    if (strlen($var) > $maxlen) {
        return false;
    } else {
        return true;
    }
}
this code is ok for this example.
as a more correct practice the positive security model must be applied universally. a positive security model will allow what is specifically validated and fail everything else. in more complex structures this will result in failures instead of actionable exceptions and prevents many attack types unforeseen by the designer.
-
March 31st, 2006, 06:18 AM
#13
Originally posted here by MS_Security
to take advantage of this reactivated thread.
PHP Code:
function lenCheck( $var, $maxlen ) {
    if (strlen($var) > $maxlen) {
        return false;
    } else {
        return true;
    }
}
this code is ok for this example.
as a more correct practice the positive security model must be applied universally. a positive security model will allow what is specifically validated and fail everything else. in more complex structures this will result in failures instead of actionable exceptions and prevents many attack types unforeseen by the designer.
You lost me, but I'd like to know what you were trying to say. Could you maybe give an example of how to make his example into what you describe?
-
March 31st, 2006, 03:00 PM
#14
if(specific condition) {success}
else(everything else in the world including unforeseen events){failure}
or in this case
PHP Code:
function lenCheck( $var, $maxlen ) {
    if (strlen($var) <= $maxlen) {
        // accept only what was explicitly matched
        return true;
    } else {
        // fail everything else
        return false;
    }
}
I said it makes little difference in this example but it is best practice. (high assurance programming languages place constraints on the variables that are checked every single time the variable is used to prevent problems that may arise from any type of corruption like magnetic fields or overheating processors.)
if you always match what you want and fail everything else you will increase your odds of failing good data and decrease passing bad data. this is good because an exception will be less likely to result in an exposure and good data failing is easier to catch in test than bad data passing is.
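The positive model described in the post above, as an added illustration written for this edit (it is not code posted by MS_Security or anyone else in the thread; the function names and the sample inputs are constructed for the demonstration). The validator enumerates the only shape of username it accepts and fails everything else, including kinds of input the author never listed; the blacklist check beside it shows what the negative model lets through.

```php
<?php
// Added example, not from the thread: positive-model validation of a username
// field next to a negative-model (blacklist) check, run over constructed inputs.
// Function names (isValidUsername, isBlacklistedUsername) are hypothetical.

// Positive model: enumerate what is acceptable; every other input fails,
// including inputs nobody thought about when the check was written.
function isValidUsername($var, int $minlen = 3, int $maxlen = 32): bool
{
    if (!is_string($var)) {                 // null, int, array: not a string, fail
        return false;
    }
    $len = strlen($var);
    if ($len < $minlen || $len > $maxlen) { // lower bound as well as the upper bound
        return false;
    }
    // Anchored with \A and \z so a trailing newline cannot slip past a $ anchor.
    return preg_match('/\A[A-Za-z0-9_]+\z/', $var) === 1;
}

// Negative model for contrast: reject only characters known to be dangerous.
function isBlacklistedUsername($var): bool
{
    if (!is_string($var)) {
        return false;                       // nothing "bad" was found, so it passes
    }
    return strpbrk($var, "'\";") !== false || strpos($var, '--') !== false;
}

// Constructed inputs: [value, description]
$inputs = [
    ['myname',            'ordinary name'],
    ['ab',                'too short'],
    ['my name',           'contains a space'],
    ["myname\n",          'trailing newline'],
    ['%admin%',           'LIKE wildcards'],
    ["admin' OR 'x'='x", 'quote-based injection'],
    [['myname'],          'array instead of string'],
    [null,                'missing parameter'],
];

printf("%-24s %-10s %-10s\n", 'input', 'positive', 'negative');
foreach ($inputs as [$value, $desc]) {
    printf("%-24s %-10s %-10s\n",
        $desc,
        isValidUsername($value) ? 'accept' : 'reject',
        isBlacklistedUsername($value) ? 'reject' : 'accept');
}
```

The rows worth looking at are the ones where the two columns differ: the wildcard name, the trailing newline and the array are all accepted by the blacklist because none of them contains a character it was told about, while the positive check rejects them without ever having been told about them. That is the "fail everything else" property the post is describing, and it is also why the positive check will occasionally reject legitimate input (a name with a hyphen, say), which is the cheaper kind of mistake to catch in testing.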
-
March 31st, 2006, 03:33 PM
#15
Hi

Usually, people are using a negative security policy: attacks which are known are blocked. Hence, signatures or patches need to be updated regularly. However, since the time-frame to implement signatures/patches becomes smaller and smaller, this method seems to cease to be useful.

The approach with a positive security policy requires initially more work (definition of "norm"-states), however it protects from SQL injection, cross-site scripting, parameter tampering, even zero-day exploits without any additional modifications of the existing infrastructure. Namely, the positive security policy blocks all activities which differ from the "norm".

I think MS_Security's example shows the difference between the two points of view nicely... maybe you will return "false" rather than "else", and you may set a lower bound in addition (maybe strlen has been tampered), but otherwise...

Another ("artificial") example: the user has to provide username/password ("myname", "mypass"). If done without bad intentions, a naive dynamically created SQL query would look like

Code:
select `id` from usertable where `username`='myname' and `password`='mypass';

Obviously, the structure of this expression is quite different from

Code:
select `id` from usertable where `username`='%admin%' and `password`='mypass' OR 'x'='x';

in the particular case of username="%admin%" and password="mypass' OR 'x'='x" (no idea whether this will lead to privilege escalation... just an example...)

Using the first policy, you would check the user input strings (sanitise them for known bad characters) etc. etc. etc. Using the positive security policy, for the event "login of a user", you would only allow SQL queries which fulfil the given "norm"-state.

Of course, such SQL injection scenarios can be circumvented with other techniques, often much more general, by removing some of the (many) necessary conditions for a successful exploitation. For example by passing the parameters (strings) to a well-written database procedure (simply eliminates dynamic SQL), or by setting appropriate access controls on database level.

Cheers.

If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
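The login from the post above, rewritten as an added example for this edit (not code from the thread): the query structure is fixed by a prepared statement so the user-supplied strings can only ever be data, and the positive-model check runs before the database is touched at all. It uses an in-memory SQLite database through PDO so it runs stand-alone; the table, the two rows and the login attempts are constructed here, and storing a password hash instead of the plaintext password is an assumption of this example, not something the post specifies.

```php
<?php
// Added example, not from the thread: the "login of a user" event with a
// fixed query structure (prepared statement) plus positive validation of the
// input. Table contents and login attempts are constructed; setupDb and login
// are hypothetical names.

function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE usertable (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pwhash TEXT)');
    $ins = $db->prepare('INSERT INTO usertable (username, pwhash) VALUES (:u, :h)');
    // Passwords are stored hashed (an assumption of this example).
    $ins->execute([':u' => 'myname', ':h' => password_hash('mypass', PASSWORD_DEFAULT)]);
    $ins->execute([':u' => 'admin',  ':h' => password_hash('s3cret', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user id on success, null on any kind of failure.
function login(PDO $db, $username, $password): ?int
{
    // Positive model first: only input of the expected shape is processed.
    if (!is_string($username) || !is_string($password)) {
        return null;
    }
    if (preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $username) !== 1) {
        return null;
    }
    if (strlen($password) < 1 || strlen($password) > 128) {
        return null;
    }

    // The SQL text is constant; the placeholder is bound as data, so the
    // statement can never take the shape of the injected query in the post.
    $stmt = $db->prepare('SELECT id, pwhash FROM usertable WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    return password_verify($password, $row['pwhash']) ? (int) $row['id'] : null;
}

$db = setupDb();
$attempts = [
    ['myname',  'mypass'],               // legitimate login
    ['%admin%', "mypass' OR 'x'='x"],    // the injection attempt from the post
    ["admin' --", 'anything'],           // comment-based variant
    ['admin',   'mypass'],               // right name, wrong password
];
foreach ($attempts as [$u, $p]) {
    $id = login($db, $u, $p);
    printf("%-12s %-22s -> %s\n", $u, $p, $id === null ? 'denied' : "user id $id");
}
```

Only the first attempt succeeds. The two injection attempts are rejected by the username pattern before any SQL is built, and even if that check were removed they would still fail: the bound parameter is compared as a literal string, so there is no username `%admin%` or `admin' --` in the table and no row comes back. That is the "removing some of the necessary conditions" point from the post, in code rather than in a database procedure.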
-
April 1st, 2006, 07:42 AM
#16
Junior Member
This is a small tip. Most of the time you can omit the .php.
-
April 1st, 2006, 07:45 AM
#17
this is an old thread
most of the time you can omit them
until some newb brings it back up..........
Link the post to a new thread ...if you have something to offer...or a new query
Just a tip
note the flashing dates
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
April 1st, 2006, 09:41 AM
#18
MS_Security , you used the term:
high assurance programming languages
What does that mean?
Is there an RFC that describes it?
I don't understand why this thread was resurrected, or allowed to be.
Can any Mod explain?
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
April 1st, 2006, 02:13 PM
#19
"high assurance programming language" typically means programming languages that support the development of software that has been defined using Z notation (ISO 13568). it can also be a subjective term to identify languages that place an emphasis on a tight relationship with correctness.