PHP Security-session data Exposure (ii)

Source: Internet
Author: User

Session data exposure

When you focus on preventing source code exposure, your session data is just as risky. By default, the session is saved in the/tmp directory. This is convenient in many situations, one of which is that all users have write access to/TMP, so that Apache also has permission to write. While other users cannot read these session files directly from the shell environment, they can write a simple script to read:

<?php   Header (' Content-type:text/plain ');  Session_Start ();   $path = Ini_get (' Session.save_path ');  $handle = Dir ($path);   while ($filename = $handle->read ())  {    if (substr ($filename, 0, 5) = = ' Sess_ ')    {      $data =file_get_ Contents ("$path/$filename");       if (!empty ($data))      {        session_decode ($data);        $session = $_session;        $_session = Array ();        echo "Session [". SUBSTR ($filename, 5). "] \ n ";        Print_r ($session);        echo "\n--\n\n";}}   ? >

This script searches for files prefixed with Sess_ in the session file save directory defined by Session.save_path. After the file is found, its contents are parsed and its contents are displayed with the Print_r () function. This makes it easy for other developers to get your user's session data.

The best way to solve this problem is to put your session data in a database protected by username and password. Because access to the database is controlled, there is an extra layer of protection. By applying the techniques mentioned in the previous section, the database can provide a safe place for your sensitive data, while you should be vigilant and your database security is becoming more and more important.

To save session data in a database, you first need to create a data table:

  CREATE TABLE Sessions  (    ID varchar (+) not NULL,    access int (unsigned),    data text,    PRIMARY KEY ( ID)  );

If you are using MySQL, the table structure is described as follows:

   Mysql> DESCRIBE sessions; +--------+------------------+------+-----+---------+-------+  | Field  | Type             | Null | Key | Default| Extra | +--------+------------------+------+-----+---------+-------+  | ID     | varchar |      | PRI |        |       |  | Access | Int (Ten) unsigned | YES  |     | NULL   |       |  | data   | text             | YES  |     | NULL   |       | +--------+------------------+------+-----+---------+-------+

To enable session data to be saved in this table, you need to use the Session_set_save_handler () function to edit the built-in session mechanism for PHP:

<?php   session_set_save_handler (' _open ',                           ' _close ',                           ' _read ',                           ' _write ',                           ' _destroy ',                           ' _ Clean ');   ? >

Each of these six arguments is the name of afunction so you must write. These functions handle the following tasks:

Each of the six parameters above represents the name of the function you want to write, and they handle the following tasks:

L Open Session Store

L Close Session Store

L Read session data

L Write session data

L Eliminate Session data

L Purge Old session data

I intentionally use meaningful names so that you can see their purpose. The naming is arbitrary, but you might want to prevent name collisions with an underscore (as shown here) or another naming convention. The following are examples of these functions (using MySQL):

 <?php function _open () {Global $_sess_db;    $db _user = $_server[' Db_user ');    $db _pass = $_server[' Db_pass ');     $db _host = ' localhost ';    if ($_sess_db = mysql_connect ($db _host, $db _user, $db _pass)) {return mysql_select_db (' Sessions ', $_sess_db);  } return FALSE;     } function _close () {Global $_sess_db;  Return Mysql_close ($_sess_db);     } function _read ($id) {global $_sess_db;     $id = mysql_real_escape_string ($id);     $sql = "Select data from sessions WHERE ID = ' $id '"; if ($result = mysql_query ($sql, $_sess_db)) {if (mysql_num_rows ($result)) {$record = Mysql_fetch_ass         OC ($result);      return $record [' data '];  }} "return";     } function _write ($id, $data) {global $_sess_db;     $access = time ();    $id = mysql_real_escape_string ($id);    $access = mysql_real_escape_string ($access);     $data = mysql_real_escape_string ($data); $sql = "REPLACE into sesSions VALUES (' $id ', ' $access ', ' $data ');  Return mysql_query ($sql, $_sess_db);     } function _destroy ($id) {global $_sess_db;     $id = mysql_real_escape_string ($id);     $sql = "DELETE from sessions WHERE id = ' $id '";  Return mysql_query ($sql, $_sess_db);     } function _clean ($max) {global $_sess_db;    $old = Time ()-$max;     $old = mysql_real_escape_string ($old);     $sql = "DELETE from sessions WHERE Access < ' $old '";  Return mysql_query ($sql, $_sess_db); }?>

You have to call the Session_set_save_handler () function before Session_Start (), but you can define the functions themselves everywhere.

The beauty of this process is that you don't have to edit or change the way you use the session. $_session still exists, behaves as usual, or is generated and passed by PHP, and the configuration changes to the session will also take effect. All you need to do is call this function (and create all the functions specified by it), and PHP will take care of the rest of it.

The above is the PHP security-session data Exposure (ii) content, more relevant content please pay attention to (!

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.