Essence of script security-PHP + MYSQL 13th page. I. preface if the problem exists at the code level, that is, when the application level considers code security (that is, the vulnerability in the underlying language itself is not considered), the script security issue is
I. Preface
At the code level, that is, if you consider code security at the application level (that is, you do not consider vulnerabilities in the underlying language itself), the script security issue is the issue of functions and variables. Variables directly or indirectly receive insecure user input. due to the characteristics of php, in php, it is easier to find the chaos of such variables (many php programs are used to define, initialize, and receive variables, and $ id variables can be directly used in the program, initialization is completely completed by php settings. if you do not pay attention to it, it may lead to variable confusion and attack ).
When a variable receives insecure input, it is not properly filtered and used in different places, which may cause different dangers. If you directly access the database and display it to the user, it will lead to cross-site scripting attacks. if you use it in SQL statements, it may lead to SQL injection attacks, these attacks are irrelevant to specific scripting languages and may exist in various scripting languages. Due to the flexibility of php variables, if these harmful variables are used in some logical statements, this will cause key code skipping, such as failed authentication and skipping variable initialization, resulting in program logic confusion and other vulnerabilities. If this variable is used in dangerous functions such as include, the file inclusion vulnerability may occur, and the file write vulnerability may occur in the fopen function, the SQL injection vulnerability occurs in the mysql_query function. eval and preg_replace may cause code execution, the environment that may cause errors in the htmlspecia function and absolute path leakage variables determines its potential harm.
After thinking about the problem, how can we check this vulnerability at the code level? Of course, familiarity with the php language is the most basic. It should also be to grasp the functions and variables. if there is a variable in a dangerous function, please determine the source of the variable and whether it is correctly initialized, whether the user can inject sensitive characters after initialization, and whether these sensitive characters are completely cleared before entering the function. The difficulty in code review may be the determination of the variable source, which requires familiarity with php features and the code you have reviewed, however, not all sources of variables are clearly visible. some initialization code may not run as expected, some variables may also come from places you don't want them to come, and some variables may come from database or system configuration files, however, it is very likely that the database and configuration file have been modified before, or these variables are not operated securely in the future. these variables are also untrustworthy. Next we will consider the security of script code based on the ideas of variables and functions.
Where does the binary variable come from?
1 displayed input
Where the variables come from, that is, where the threats come from. what kind of website is the most secure if we only consider the web? Obviously, websites that only provide static Html pages are the safest, because such websites do not interact with viewers, it is like robbing a bank that is hard to crack, it is difficult to implement, but it is different for a large forum or script program. when you log on, you need to pass the username and password variables to the server, even the Ip address you log on to and the browser are all objects captured by the program. capture the interaction process with the server, such as posting a post, and you will find that data transmission between the browser and the server is performed, what you may see includes submitted forms, address bar parameters, and so on. what you cannot see includes cookies. the Http header is where data is submitted, that is, the variable. These locations are also the most primitive portals for servers to process data. So how does the php program accept variables? All submitted variables are saved in some arrays by php, including
$ _ GET
$ _ POST
$ _ COOKIE
$ _ FILES
$ _ SERVER
For initial convenience and flexibility, this option is available in php settings.
Register_globals
When this option is on, all the variables shown above will become a member of $ GLOBALS, which can be used directly without being obtained in the script.
Variables_order
. Many programs consider that register_globals is off, so the following code is used during program initialization:
@ Extract (daddslashes ($ _ POST ));
@ Extract (daddslashes ($ _ GET ));
These codes play the role of register_globals. they release POST and GET content as global variables, but the risks may be even greater.
The issue exists at the code level, that is, if you consider code security at the application level (that is, do not consider vulnerabilities in the underlying language itself ), script security problems...
