PHP Web site Common security vulnerabilities, and corresponding preventive measures summary

Source: Internet
Author: User
Tags session id php website

At present, the Web site development based on PHP has become the mainstream of the current website development, the author focuses on the PHP website attack and security precautions to explore, aimed at reducing the vulnerability of the website, I hope that we have some help!

First, common PHP website security vulnerability
For PHP vulnerabilities, there are five common vulnerabilities. Session file Vulnerability, SQL injection vulnerability, script command execution vulnerability, global variable vulnerability, and file vulnerability are respectively. Here is a brief introduction to these vulnerabilities.
1. session File Vulnerability
Session attack is one of the most commonly used attacks by hackers. When a user visits a site, in order to avoid the customer every person to a page to lose the user account and password, PHP set the session and cookies for users to facilitate the use and visit.
2. SQL Injection Vulnerability
In the development of the Web site, the programmer due to the user data loss of a comprehensive judgment or filter is not strict cause the server to execute some malicious information, such as user information query. Hackers can obtain the appropriate information based on the results returned by the malicious program. This is the SQL injection vulnerability of the lunar stomach.
3. Script execution vulnerability
The common reason for script execution vulnerability is that the user submits a URL that may contain malicious code that causes a cross-site scripting attack because the programmer is less likely to filter the URL parameters submitted by the user when developing the site. Script execution vulnerabilities are often present in previous PHP sites, but as the PHP version is upgraded, these problems have been reduced or absent.
4. Global variable Vulnerability
The variables in PHP do not need to be declared in the same way as other development languages, the variables in PHP can be used without declaration, the system is created automatically when used, and the variable type is automatically determined according to the context environment. This approach can greatly reduce the probability of errors in programmer programming and is very convenient to use.
5. File Vulnerability
File vulnerabilities are usually due to the lack of adequate filtering of external data provided by Web site developers in the design of the Web site, resulting in hackers exploiting vulnerabilities to execute corresponding commands on the Web process. If you include such a piece of code in lsm.php: include ($b. " /aaa.php ".), which can be used by the hacker to achieve a remote attack through the variable $b, can be a hacker's own code, to achieve the attack on the site. You can submit a.php include=http://lz7.0.0 to the server. 1/b.php, then executes the b.php directive.

Second, PHP Common vulnerabilities to prevent measures
1, the prevention of the session loophole
From the previous analysis, we can know that session hijacking is the most common, that is, the hacker through a variety of attacks to obtain the user's session ID, and then use the identity of the attacked user to login to the appropriate website. To this end, there are several ways to prevent: first, the session ID is changed periodically, the replacement session ID can be implemented with PHP's own function, and the second is to replace the session name, usually the default name of the session is PHPSESSID, This variable is usually stored in a cookie, if changed its name, you can block the hacker's part of the attack, third, the transparent session ID is closed processing, so-called transparency refers to the HTTP request does not use cookies to set the session ID, The Sessioin ID is passed by using a link. Close the transparent session ID can be implemented by manipulating the php.ini file, and the four is to pass the hidden parameters through the URL, which ensures that even if the hacker gets the session data, but because the relevant parameters are hidden, It is also difficult to get the session ID variable value.
2, the prevention of SQL injection Vulnerability
Hackers do a lot of SQL injection, but also flexible, but the common denominator of SQL injection is the use of input filtering vulnerabilities. Therefore, in order to prevent SQL injection fundamentally, the fundamental solution is to strengthen the filtering of request commands, especially query request commands. Specifically, the following points are included: first, the filter statement is parameterized, that is, through the parameterized statement to implement user information input rather than directly embed the user input into the statement. Second, in the development of the site as far as possible with the use of explanatory procedures, hackers often through this means to enforce illegal orders; third, in the development of the site as far as possible to avoid web site bugs, or hackers may use this information to attack the site; just by defending SQL injection is not enough, In addition, a professional vulnerability scanning tool is often used to scan websites for vulnerabilities.
3, the prevention of script execution vulnerability
Hackers use script execution vulnerability to attack the means are various, and is flexible, in this, there must be a variety of prevention methods integrated means to effectively prevent hackers to attack the script execution vulnerability. There are four methods commonly used here. One is to pre-set the path of the executable file. Can be achieved by Safe_moade_exec_dir, and the second is to handle the command parameters, generally with the Escapeshellarg function, the third is to use the system's own function library to replace the external command;
4. Prevention of global Variable Vulnerability
In the case of PHP global variables, the previous PHP version of the problem, but as the PHP version upgraded to 5.5, can be implemented by the php.ini settings, set Ruquest_order as GPC. In addition, in the php.ini configuration file, you can set the Boolean value for magic_quotes_runtime whether to multibyte backslashes in the overflow word in the externally inductive data. In order to ensure that the website program can be run in any setting state of the server. You can use Get_magic_quotes_runtime to detect the setting state at the beginning of the entire program, either manually or by Set_magic_quotes_runtime (0) when you start (or do not need automatic escaping).
5, the prevention of file loopholes
For PHP file leakage can be set up and configuration of the server to achieve the purpose of prevention. Here the specific operation is as follows: First, the PHP code to close the error, so that the hacker can avoid error prompts to obtain database information and Web page file physical path, and the second is dedicated to the Open_basedir set, that is, the file operation outside the directory to prohibit processing; This can be used to protect local files or remote files to prevent them from being attacked, it is also important to guard against the session file and upload files attack; The third is to set the Safe-made to the open state, so that the command will be executed to standardize, by prohibiting file upload, Can effectively improve the safety factor of PHP website.

PHP Web site Common security vulnerabilities, and corresponding preventive measures summary

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.