I. Causes of danger
1. Web programming is easy to get into; anyone can write web programs after a little training, so the quality of the code written is naturally uneven.
2. Many people have no security awareness and have never even heard of the concept of "SQL injection".
3. Many HTTP scanners automatically scan large numbers of websites.
4. Trusting user input: for example, an input box for a user name is simply assumed to receive nothing but a login name.
II. File System Problems
1. The ../ problem: /usr/local/../../etc/passwd is just /etc/passwd. If you trust your input, an attacker can read files they should never see.
For example: open("/var/conf/$usr")
$usr = "James" gives open("/var/conf/James").
But $usr = "../../etc/passwd" turns it into open("/var/conf/../../etc/passwd").
2. Null bytes: some operating systems stop processing a string when they hit a null byte, while others behave differently. Look at the example below.
open("/var/conf/{$usr}.ini")
This seems to avoid the problem above. Let's vary the input.
$usr = "James": fine, no problem.
$usr = "../../etc/passwd": open("/var/conf/../../etc/passwd.ini"), still no problem.
$usr = "../../etc/passwd\0": now the problem can appear. Look at open("/var/conf/../../etc/passwd\0.ini"): if the underlying call stops at the null byte, the ".ini" suffix is gone.
3. fopen() in PHP
For example, you might use fopen("$usr/config.ini") to open a user's configuration file and assign permissions from it.
$usr = "James": fopen("James/config.ini"), fine.
But with $usr = "http://www.hacker.org", what does fopen receive? fopen("http://www.hacker.org/config.ini"): the configuration is now fetched from a site the attacker controls.
4. Named pipes in Perl
open(IN, "$usr/config.ini")
$usr = "> James" turns this into open(IN, "> James/config.ini"), and the ">" makes Perl open the file for writing instead of reading.
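">
The four cases in this section (../ traversal, an embedded null byte, a URL scheme handed to fopen, and a Perl mode prefix) are all defeated by the same check. The following is an added example in Python, not code from the original article; the /var/conf directory follows the article's open("/var/conf/$usr.ini") pattern, and the 32-character limit and allowed character set are assumptions made for this demo.

```python
import os
import re

# Added example, not code from the original article. CONF_DIR follows the
# article's open("/var/conf/$usr.ini") pattern; the character whitelist and the
# 32-character limit are assumptions for this demo.
CONF_DIR = "/var/conf"
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def naive_conf_path(usr):
    """The vulnerable construction from the article: input pasted into the path."""
    return f"{CONF_DIR}/{usr}.ini"


def safe_conf_path(usr, base=CONF_DIR):
    """Return the config path for `usr`, or None if the name is unacceptable.

    A whitelist on the user name rejects every variant from this section at once:
    '../' traversal, an embedded NUL ("passwd\\0" truncating away the .ini suffix),
    URL schemes ("http://..."), and Perl-style mode prefixes ("> James", "| cmd").
    """
    if not isinstance(usr, str) or not USERNAME_RE.fullmatch(usr):
        return None
    candidate = os.path.realpath(os.path.join(base, f"{usr}.ini"))
    real_base = os.path.realpath(base)
    # Defence in depth: even if the whitelist is loosened later, the resolved
    # path must still lie inside the base directory.
    if os.path.commonpath([real_base, candidate]) != real_base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs: the article's three examples plus the Perl ">" prefix.
    for usr in ("James", "../../etc/passwd", "../../etc/passwd\0",
                "http://www.hacker.org", "> James"):
        print(repr(usr), "naive:", repr(naive_conf_path(usr)),
              "safe:", safe_conf_path(usr))
```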
III. SQL Injection
Take this SQL statement as an example: select * from users where user = '$uid' and passwd = '$password'
With $uid = name and $password = password, everything looks fine.
Now let $uid = James'-- and $password = 1 (-- is the comment marker in SQL Server; MySQL uses #) and see what comes out.
select * from users where user = 'James'-- and passwd = '1'. By this point everyone has probably understood it; if you want the 1=1 variant, work it out yourself.
If the application connects with a high-privilege account such as sa, an attacker can even run xp_cmdshell and then use net commands to add users to the system directly. That attack is too aggressive to go into, so this is where we stop; search Google for "SQL injection".
IV. Program Execution
Suppose you want to run nslookup on www.yahoo.com, and the program looks like this:
$host = "www.yahoo.com";
system("nslookup $host"), which is fine. But with $host = "www.yahoo.com; cat /etc/passwd" the result is obvious.
This problem occurs in system, exec, backticks (``) and open in Perl, and in fopen and popen in PHP.
V. HTTP and Client-Side Vulnerabilities
1. For example, a cookie that never expires can easily be reused by someone else to get past whatever it protects.
2. Trusting anything in the HTTP header is fatal. Someone asked me how to prevent form submissions from outside the site. The usual answer is to check Referer, but anyone who knows a little socket programming can construct a header and send it to your form.
3. Never trust checkbox or radio values in an HTML form; it is far too easy to construct a form and write any value into them.
4. The client can be messed with through JavaScript. I remember someone changing a post title on Blog Garden (cnblogs) so that the site's home page no longer displayed.
5. HTTP is transmitted in plaintext, so passwords get intercepted in many situations. It would be better to do what Yahoo does and encrypt the password on the client before transmitting it.
VI. Solutions
1. The basic principle is to check every input. How to check it, I won't go into here.
2. Run a scanner against your own programs to find out whether you have any of these problems.