Focus Magic PHP Xfocus anti-injection data

Source: Internet
Author: User
There is not much deep technical content here; I will just talk about things fairly simply. With the current wave of hacking of all kinds, how to make your own PHP code secure, so that both the program and the server are safe, is a very important question. I looked around for material on PHP security and found very little, certainly less than for ASP, so I want to write something about how to prevent the situations below. (Unless stated otherwise, everything that follows assumes PHP + MySQL + Apache.)
First, take a look at these two articles:
http://www.xfocus.net/articles/200107/227.html
http://www.xfocus.net/articles/200107/228.html
These are Security Focus (Xfocus) articles on PHP security and give a fairly comprehensive introduction to the subject.
If you consider the more basic security issues in PHP code, the first is:
1. Initialize your variables
Why say that? Look at the following code:
<?php
if ($admin)
{
    echo 'Login successful!';
    include('admin.php');
}
else
{
    echo 'You are not an administrator and cannot manage the site!';
}
?>
The code above looks as if it runs normally, no problem. But what happens if we submit an illegal parameter? Say our page is http://www.target.com/login.php and we request http://www.target.com/login.php?admin=1: with register_globals on, $admin is created from the query string and set to 1, the if passes, and we are straight into the administration page without having logged in at all.
Of course we may not make such a simple mistake, but some much more hidden errors lead to the same problem. For example, the recent Phpwind 1.3.6 forum vulnerability that allowed administrator privileges to be obtained directly came from a $skin variable that was not initialized, which led to a series of later problems.
So how do we avoid this? Start with php.ini: with register_globals = Off, submitted variables are no longer registered as globals, and the problem goes away. But usually we are not the server administrator and can only improve things in the code, so how do we improve the code above? Rewrite it as follows:
<?php
$admin = 0;    // initialize the variable before anything else
if (!empty($_POST['admin_user']) && !empty($_POST['admin_pass']))
{
    // code that checks whether the submitted administrator user name and password are correct goes here
    // ...
    // set $admin = 1 only after that check has succeeded
    $admin = 1;
}
else
{
    $admin = 0;
}
if ($admin)
{
    echo 'Login successful!';
    include('admin.php');
}
else
{
    echo 'You are not an administrator and cannot manage the site!';
}
?>
Now requesting http://www.target.com/login.php?admin=1 achieves nothing, because we set $admin = 0 at the very start and only our own code changes it afterwards, so administrator privileges cannot be obtained through this hole.
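The same bug in a form that still runs today, as an added example that is not part of the original article: register_globals has been gone since PHP 5.4, but calling extract() on request data reproduces it exactly, so the vulnerable and hardened versions are shown against that. The request arrays and the credential table are constructed here, password_verify() stands in for the "check the user name and password" step the article leaves as a comment, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the article's code. extract() on user input behaves like
// register_globals = On: every request key becomes a PHP variable.

// Vulnerable: a request with admin=1 defines $admin before the check runs,
// because our own code never assigns it.
function is_admin_unsafe(array $request): bool
{
    extract($request);                  // may define $admin from user input
    return isset($admin) && $admin;     // passes for ?admin=1
}

// Hardened: initialize first, derive the flag only from a trusted check
// (here a constructed credential table of password_hash() values), and
// never let the request touch it.
function is_admin_safe(array $request, array $credentials): bool
{
    $admin = false;                     // initialized before any use
    $user = $request['admin_user'] ?? '';
    $pass = $request['admin_pass'] ?? '';
    if ($user !== '' && isset($credentials[$user])
        && password_verify($pass, $credentials[$user])) {
        $admin = true;                  // the only place the flag is set
    }
    return $admin;
}

function demo(): void
{
    // Constructed credential store: user name => password hash.
    $credentials = ['root' => password_hash('s3cret', PASSWORD_DEFAULT)];

    var_dump(is_admin_unsafe(['admin' => '1']));                        // bool(true): bypass
    var_dump(is_admin_safe(['admin' => '1'], $credentials));            // bool(false)
    var_dump(is_admin_safe(['admin_user' => 'root', 'admin_pass' => 'wrong'], $credentials));   // bool(false)
    var_dump(is_admin_safe(['admin_user' => 'root', 'admin_pass' => 's3cret'], $credentials));  // bool(true)
}

demo();
```

The point is the same as the article's: the privilege flag must be initialized by your code and set in exactly one place that the request cannot reach; any mechanism that turns request keys into variables (register_globals, extract(), parse_str() into the global scope) reopens the hole.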
2. Preventing SQL injection
SQL injection is probably the most damaging attack against current programs, from the early ASP days through to PHP, and it has been the popular technique domestically for the last two years. The basic principle is that an unfiltered submitted variable forms an injection point, which lets a malicious user submit SQL fragments of their own, leading to theft, loss or corruption of important data, or to the management backend being broken into.
I will not repeat the basics; the following two articles explain them very clearly:
http://www.4ngel.net/article/36.htm
http://www.4ngel.net/article/30.htm
Now that we know how an injection intrusion works, how do we prevent it? We have to start with our own code.
There are two ways to submit data on the web, GET and POST, and most common SQL injections come from GET. The injected value has to contain SQL, since without SQL nothing can be done. The four basic SQL statements are SELECT, UPDATE, DELETE and INSERT, so what if we filter the submitted data for these?
So we use a regular expression to build the following function:
/*
Function name: inject_check()
Purpose: checks whether a submitted value contains characters used in SQL injection, to prevent injection and keep the server safe
Parameter: $sql_str: the submitted variable
Return value: the test result, true or false
Author: heiyeluren
*/
function inject_check($sql_str)
{
    // The original used eregi(), which was removed in PHP 7; preg_match() with the /i flag is the equivalent.
    $pattern = '~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i';
    return preg_match($pattern, $sql_str) === 1;    // true if any of the listed fragments appears
}
In this function we filter out the dangerous strings select, insert, update, delete, union, into, load_file, outfile, /*, *, ./, ../ and the single quote. Note that this is a blacklist: it matches those fragments anywhere in the value, so a harmless word such as "into" is rejected, while anything not on the list, such as 1 OR 1=1, passes. Treat it as a first line of defence, not as a substitute for the type checks and escaping below. With it we can control the submitted parameters, and a program can be built like this:
<?php
if (inject_check($_GET['id']))
{
    exit('The data you submitted is illegal, please check it and resubmit!');
}
else
{
    $id = $_GET['id'];
    echo 'The submitted data is valid, please continue!';
}
?>
Suppose we request http://www.target.com/a.php?id=1; the response is:
"The submitted data is valid, please continue!"
If we request http://www.target.com/a.php?id=1' select * from tb_name
the response is: "The data you submitted is illegal, please check it and resubmit!"
So we have achieved what we wanted.
But the problem is not fully solved. If we request http://www.target.com/a.php?id=1asdfasdfasdf, that passes the rule above, yet it is still not a valid id. So, to cover the other possible cases, let's build a checking function:
/*
Function name: verify_id()
Purpose: verifies that a submitted id-type value is legal
Parameter: $id: the submitted id value
Return value: the processed id
Author: heiyeluren
*/
function verify_id($id = null)
{
    if (!$id) { exit('No parameter was submitted!'); }                               // null / empty check (note: also rejects an id of 0)
    elseif (inject_check($id)) { exit('The submitted parameter is illegal!'); }      // injection check
    elseif (!is_numeric($id)) { exit('The submitted parameter is illegal!'); }       // numeric check
    $id = intval($id);    // cast to integer
    return $id;
}
Now we can verify, and our program code above becomes:
<?php
if (inject_check($_GET['id']))
{
    exit('The data you submitted is illegal, please check it and resubmit!');
}
else
{
    $id = verify_id($_GET['id']);    // our filter function is applied here to $id (it repeats the inject_check() call, which is harmless)
    echo 'The submitted data is valid, please continue!';
}
?>
OK, the problem seems solved, but we have not yet considered data submitted by POST, or large amounts of data.
Some characters have a special meaning to the database, for example '_' and '%', which are wildcards in LIKE patterns; how do we control those? Another point: when magic_quotes_gpc = Off in php.ini, submitted data is not automatically escaped before it reaches the database, so we have to handle that ourselves. We build the following function:
/*
Function name: str_check()
Purpose: filters a submitted string
Parameter: $str: the string to be processed
Return value: the filtered string
Author: heiyeluren
*/
function str_check($str)
{
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8; guard the call so the function still runs there
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())    // escape ourselves when magic_quotes_gpc is off
    {
        $str = addslashes($str);    // escape quotes and backslashes
    }
    $str = str_replace("_", "\_", $str);    // escape the '_' wildcard
    $str = str_replace("%", "\%", $str);    // escape the '%' wildcard
    return $str;
}
With that we have once again avoided the danger of the server being compromised. One caveat: addslashes() knows nothing about the connection character set, so with MySQL the driver's own escaping function is the reliable choice, or, better still, prepared statements, which keep the data out of the SQL text entirely.
Finally, consider the submission of larger amounts of data, such as forum posts, articles or news. We need some functions to help us filter and transform it, so on the basis of the function above we construct the following:
/*
Function name: post_check()
Purpose: processes submitted editor content
Parameter: $post: the submitted content
Return value: $post: the filtered content
Author: heiyeluren
*/
function post_check($post)
{
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())    // escape ourselves when magic_quotes_gpc is off
    {
        $post = addslashes($post);    // escape the submitted data when magic_quotes_gpc is not on
    }
    $post = str_replace("_", "\_", $post);    // escape the '_' wildcard
    $post = str_replace("%", "\%", $post);    // escape the '%' wildcard
    $post = htmlspecialchars($post);    // HTML markup conversion; must run before nl2br(), otherwise the <br /> tags it inserts would be escaped as well
    $post = nl2br($post);    // carriage-return conversion
    return $post;
}
Well, that is about it. I have covered only two aspects here, and the whole of security is much more than that; next time I intend to cover more, including PHP security configuration, Apache security and so on, so that our security forms a whole and is as safe as possible.
To sum up what I said above: 1. Initialize your variables. 2. Always remember to filter your variables.
