Common Vulnerabilities and precautions in PHP development
PHP applications have five common kinds of vulnerability: session file vulnerabilities, SQL injection vulnerabilities, script command execution vulnerabilities, global variable vulnerabilities, and file vulnerabilities. Each is briefly introduced below, together with ways to prevent it.
1. Session File Vulnerability
Session attacks are among the attacks hackers use most often. When a user visits a site, PHP sets up a session and cookies for that user so that the account name and password do not have to be entered again on every page, which makes the site convenient to use and browse.
Prevention:
From the analysis above, session hijacking is the most common case: the hacker obtains a user's session ID through one of a variety of attacks and then logs in to the website under the identity of the attacked user. There are several ways to prevent this. First, change the session ID periodically; PHP's own function can be used to replace the session ID. Second, change the session name. The default session name is usually PHPSESSID, and this variable is normally stored in a cookie; changing its name blocks part of the hacker's attacks. Third, turn off transparent session IDs. "Transparent" means that when the HTTP request does not use cookies to carry the session ID, the session ID is passed in a link instead. Transparent session IDs can be turned off in the php.ini file. Fourth, pass a hidden parameter through the URL, so that even if the hacker obtains the session data, the related parameter is hidden and the value of the session ID variable is still difficult to obtain.
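The first three measures above as session start-up code. This is an added example, not code from the original article; it assumes PHP 7.3 or later, the names APP_SESSION_NAME, REGEN_INTERVAL, start_hardened_session and on_login are illustrative, and the cookie flags and strict mode go slightly beyond what the text lists.

```php
<?php
// Added example: session start-up applying the measures listed above.
const APP_SESSION_NAME = 'appsid';   // illustrative; replaces the default PHPSESSID
const REGEN_INTERVAL   = 300;        // illustrative; seconds between ID changes

function start_hardened_session(): void
{
    // Turn off transparent session IDs: never accept or emit the ID in URLs.
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_only_cookies', '1');
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_name(APP_SESSION_NAME);
    session_set_cookie_params([
        'httponly' => true,                      // not readable from JavaScript
        'secure'   => !empty($_SERVER['HTTPS']), // HTTPS only when available
        'samesite' => 'Lax',
    ]);
    session_start();

    // Change the session ID periodically; true deletes the old session file.
    $now = time();
    if (!isset($_SESSION['id_issued_at'])) {
        $_SESSION['id_issued_at'] = $now;
    } elseif ($now - $_SESSION['id_issued_at'] >= REGEN_INTERVAL) {
        session_regenerate_id(true);
        $_SESSION['id_issued_at'] = $now;
    }
}

// Call at login (or any privilege change) so that an ID obtained
// before authentication stops being valid afterwards.
function on_login(string $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id']      = $userId;
    $_SESSION['id_issued_at'] = time();
}

start_hardened_session();
```

The ini_set() calls must run before session_start(); the same three session.* settings can be placed in php.ini instead.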
2. SQL Injection Vulnerability
When developing a website, if the programmer does not validate user-supplied data thoroughly or filters it too loosely, the server can be made to execute malicious input, for example in a user information query. Hackers can then obtain the corresponding information from the results the malicious input returns. This is the so-called SQL injection vulnerability.
Prevention:
Hackers carry out SQL injection in many flexible ways, but what all SQL injection has in common is that it exploits weaknesses in input filtering. The fundamental way to prevent SQL injection is therefore to strengthen the filtering of request commands, especially query requests. Specifically, this includes the following points. First, parameterize statements: user input is supplied through a parameterized statement rather than being embedded directly in the statement. Second, keep the use of interpreted procedures to a minimum when developing the site, since hackers often use them to execute illegitimate commands. Third, avoid bugs in the site as far as possible when developing it, or hackers may use the information they reveal to attack the site. Defending against SQL injection alone is not enough; in addition, a professional vulnerability scanning tool is often used to scan websites for vulnerabilities.
3. Script execution vulnerability
A script execution vulnerability usually arises because the programmer, when developing the site, filters the URL parameters submitted by users too little, so that a submitted URL may contain malicious code that leads to a cross-site scripting attack. Script execution vulnerabilities were common in earlier PHP sites, but as PHP versions have been upgraded these problems have been reduced or have disappeared.
Prevention:
Hackers exploit script execution vulnerabilities in many flexible ways, so several prevention methods have to be combined to stop them effectively. Four methods are commonly used. The first is to set the path of executable files in advance, which can be done with safe_mode_exec_dir. The second is to process command arguments, generally with the escapeshellarg function. The third is to use the system's own function library in place of external commands;
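The second and third methods above, as an added example that is not part of the original article. The function names and the file name are constructed; the command lines are only built and printed, never executed, and the quoting described in the comments is that of Unix-like systems.

```php
<?php
// Added example; the file name below is constructed input.

// Weak: the argument is pasted into the command line unquoted, so shell
// metacharacters in $file become part of the command itself.
function line_count_cmd_weak(string $file): string
{
    return 'wc -l ' . $file;
}

// Better: escapeshellarg() wraps the value in single quotes and escapes
// any embedded single quotes, so the shell sees exactly one argument.
// "--" stops wc from treating a leading "-" in the name as an option.
function line_count_cmd_escaped(string $file): string
{
    return 'wc -l -- ' . escapeshellarg($file);
}

// Best: no external command at all; PHP's own functions do the work.
function line_count_native(string $file): int
{
    if (!is_file($file) || !is_readable($file)) {
        throw new InvalidArgumentException('not a readable file');
    }
    $count  = 0;
    $handle = fopen($file, 'rb');
    while (fgets($handle) !== false) {
        $count++;
    }
    fclose($handle);
    return $count;
}

$hostile = 'report.txt; id';                    // constructed input
echo line_count_cmd_weak($hostile), "\n";       // two commands for the shell
echo line_count_cmd_escaped($hostile), "\n";    // one command, one argument

// The native version needs no quoting because no shell is involved.
$tmp = tempnam(sys_get_temp_dir(), 'demo');
file_put_contents($tmp, "a\nb\nc\n");
echo line_count_native($tmp), "\n";
unlink($tmp);
```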
4. Global variable Vulnerability
Unlike in other development languages, variables in PHP do not need to be declared before they are used; the system creates them automatically on first use and determines the variable type from the context. This approach can greatly reduce the probability of programming errors and is very convenient to use.
Prevention:
The PHP global variable problem existed in earlier PHP versions; with PHP upgraded to 5.5 it can be handled through the php.ini settings, by setting request_order to GPC. In addition, in the php.ini configuration file the Boolean value magic_quotes_runtime controls whether backslashes are added to overflow characters in data brought in from outside. To make sure the website program can run under any server setting, you can call get_magic_quotes_runtime at the beginning of the whole program to detect the setting and then handle escaping manually, or turn it off with set_magic_quotes_runtime(0) at startup (or whenever automatic escaping is not needed).
5. File Vulnerability
File vulnerabilities usually arise because the developers of a website did not adequately filter externally supplied data when designing it, which lets hackers exploit the weakness to execute commands in the web process. Suppose lsm.php contains this piece of code: include($b . "/aaa.php"); A hacker can use the variable $b to mount a remote attack: $b can point to the hacker's own code, which is then used to attack the site. For example, submitting a.php?include=http://127.0.0.1/b.php to the server causes the instructions in b.php to be executed.
Prevention:
PHP file vulnerabilities can be prevented through server settings and configuration. The specific steps are as follows. First, turn off error messages in the PHP code, so that hackers cannot obtain database information or the physical path of web page files from error output. Second, set open_basedir, that is, prohibit file operations outside the specified directory; this protects both local and remote files from attack, and it is also important here to guard against attacks on session files and uploaded files. Third, turn safe_mode on, which regulates the commands that will be executed; prohibiting file uploads can also effectively improve the security of a PHP website.
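The include from the file vulnerability section with the request value confined to a fixed list, plus the error and open_basedir settings from the steps above. This is an added example, not code from the original article; MODULE_ROOT, MODULES, resolve_module and the request parameter name `b` are hypothetical, and the settings normally belong in php.ini rather than in ini_set() calls.

```php
<?php
// Added example. MODULE_ROOT and the module names are hypothetical.
const MODULE_ROOT = __DIR__ . '/modules';
const MODULES     = ['news', 'forum', 'shop'];  // the only values $b may take

// Settings from the steps above, applied at runtime for this script.
ini_set('display_errors', '0');     // no file paths or SQL errors in responses
ini_set('log_errors', '1');         // errors go to the server log instead
ini_set('open_basedir', __DIR__);   // file functions confined to this tree

// Before:  include($b . "/aaa.php");   // $b taken straight from the request
// After:   $b only selects an entry from a fixed list; the request value
//          is never allowed to decide where the path starts.
function resolve_module(string $b): ?string
{
    if (!in_array($b, MODULES, true)) {
        return null;                // URLs, "../" and absolute paths all fail
    }
    $root = realpath(MODULE_ROOT);
    $path = realpath(MODULE_ROOT . '/' . $b . '/aaa.php');
    // realpath() resolves symlinks; the result must still lie under the root.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

$b    = $_GET['b'] ?? '';
$file = resolve_module(is_string($b) ? $b : '');
if ($file === null) {
    http_response_code(404);        // unknown module: nothing is included
    exit;
}
include $file;
```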
When reprinting, please credit the source: reproduced from the blog of 26 points