Writing a PHP Framework Step by Step (Part 14)

Source: Internet
Author: User
Today I will explain how to handle these security issues in the framework.

The first is SQL injection. If you are using PDO, I think you are fine. If you are still using APIs such as the mysql extension, you can implement parameter binding (bindParam) in the framework, or escape the string before inserting it into the database.

After the previous article two days ago, Vian left a comment saying that one solution for SQL injection is to wrap the value as "'" . addslashes($id) . "'" before inserting it into the database: first run addslashes on it, then force it inside single quotation marks. That way it is always a string literal, so it cannot be injected. I think this method is good, nice one!!
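The two options above, bound parameters and escape-then-quote, side by side in a small model helper. This is an added example, not code from the post or from initphp; it uses an in-memory SQLite database and a constructed users table so it runs stand-alone.

```php
<?php
// Added example (not from the post): the two safe options the post mentions,
// next to the unsafe string concatenation they replace.
// In-memory SQLite and the users table are constructed for this demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Unsafe: the value is pasted into the SQL text, so "1 OR 1=1" becomes syntax
// and the WHERE clause matches every row.
function findUserByIdUnsafe(PDO $db, $id)
{
    $sql = "SELECT name FROM users WHERE id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Option 1 (preferred): bind the value. The driver sends it as data, so it can
// never become part of the query structure.
function findUserById(PDO $db, $id)
{
    $stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Option 2 (Vian's idea from the comments): escape and wrap in quotes so the
// value is always a string literal. PDO::quote() does both steps using the
// connection's charset, which addslashes() is not aware of.
function findUserByIdQuoted(PDO $db, $id)
{
    $sql = "SELECT name FROM users WHERE id = " . $db->quote($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = "1 OR 1=1";                    // constructed injection attempt
var_dump(findUserByIdUnsafe($db, $hostile)); // alice and bob: the clause was rewritten
var_dump(findUserById($db, $hostile));       // no rows: compared as the literal string
var_dump(findUserByIdQuoted($db, $hostile)); // no rows: quoted into a string literal
var_dump(findUserById($db, "1"));            // alice: a normal lookup still works
```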

Since SQL injection belongs with the model and XSS belongs with the view, and I have not yet started on those two parts, I will explain how to solve them in the framework later. Of course, if I forget, you can remind me.

Last time I talked about CSRF but did not give a solution; today I will. The solution is actually very simple: generate a random value, and have the backend check whether the value passed in matches the correct one. If it does not, the corresponding code is not executed. This random value is called a token.

For simplicity, we will write the functions that generate and fetch the token in the Controller, that is, in Controller.php.

First, generating the random value. The simplest way is to call mt_rand() to produce an integer directly, but here I use the CSRF approach I saw earlier in the initphp framework; thanks to the initphp author for the idea:

The initphp code is:

private function set_token() {
    // empty() avoids a notice when the cookie has not been set yet
    if (empty($_COOKIE['init_token'])) {
        // md5 of timestamp + user agent, then a substring starting at offset 5
        $str = substr(md5(time() . $this->get_useragent()), 5, 8);
        // expiry 0 means a session cookie; path '/' so every page sees it
        setcookie("init_token", $str, 0, '/');
        $_COOKIE['init_token'] = $str;
    }
}

For simplicity, I will not use the userAgent here. initphp concatenates the current timestamp and the userAgent, hashes the string with md5, and takes a substring starting at the 5th character (substr(..., 5, 8)). My idea is to md5 the current timestamp and take a substring starting at position 0 whose length is chosen randomly:

$token = substr(md5(time()), 0, mt_rand(10, 15));

To keep the token from being too long or too short, I set the range of mt_rand to 10 to 15, so the generated token is 10 to 15 characters long.

Once the token is generated, the rest is easy. Of course, we first have to store the token. We do not need to generate a new random value on every request, so we keep it in a cookie; when the framework loads, it checks whether a token cookie exists and, if not, generates one. The generated token expires after a period of time; here the lifetime is set to 7 days.

private function _setToken() {
    if (empty($_COOKIE['_csrfToken'])) {
        // no token yet: generate one and store it in a cookie for 7 days
        $token = substr(md5(time()), 0, mt_rand(10, 15));
        $this->_token = $token;
        setcookie('_csrfToken', $token, time() + 3600 * 24 * 7);
    } else {
        // reuse the token already issued to this client
        $this->_token = $_COOKIE['_csrfToken'];
    }
}


Because token generation is handled automatically by the framework and users never need to see this process, the function is private and is called from the constructor of the Controller class.

Now that the token is generated, how do we read it? This is very simple: a plain getter.

protected function _getToken() {
    return $this->_token;
}

Now I will show how the check looks in a controller written by the user:


Assume the URL requested by the user is http://localhost/index.php?c=Index&a=test&token=rwerdfdsfsdfs

The controller class code is as follows:

class IndexController extends Controller {
    public function test() {
        // token from the query string, empty string if absent
        $token = empty($_GET['token']) ? '' : $_GET['token'];
        if ($token === $this->_getToken()) {
            // token matches: proceed as normal
        } else {
            $this->_redirect(array(
                // jump to an Action of some controller
            ));
        }
    }
}

Someone may ask how the token value gets set and passed in the URL above.

Assume the previous page is the Action test2 of the Index controller. In test2 we call $this->_getToken() to obtain the token value, pass it to the view, and use it in the view to build the link; when the user clicks that link, the token value is passed along.
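The same generate, store and check flow as a stand-alone helper. This is an added example, not the post's code: the class name, the cookie flags and the use of random_bytes() instead of md5(time()) are my choices, the last one because a token derived from the current timestamp can be guessed by anyone who knows roughly when the cookie was issued.

```php
<?php
// Added example (not from the post): CSRF token helper in the spirit of the
// framework's _setToken/_getToken, with an unpredictable token and a
// constant-time comparison. Class and cookie names are assumptions.
class CsrfToken
{
    const COOKIE   = '_csrfToken';
    const LIFETIME = 3600 * 24 * 7;   // 7 days, as in the post

    private $token;

    public function __construct()
    {
        if (empty($_COOKIE[self::COOKIE])) {
            // 16 random bytes -> 32 hex characters; not derived from time()
            $this->token = bin2hex(random_bytes(16));
            // path '/', no domain, secure=false for localhost, httponly=true so
            // page scripts cannot read it (the view gets it via get() instead)
            setcookie(self::COOKIE, $this->token, time() + self::LIFETIME, '/', '', false, true);
            // make it visible to the rest of this same request
            $_COOKIE[self::COOKIE] = $this->token;
        } else {
            $this->token = $_COOKIE[self::COOKIE];
        }
    }

    // What the view embeds in the link, like $this->_getToken() in the post
    public function get()
    {
        return $this->token;
    }

    // hash_equals() compares in constant time; a plain === leaks timing
    public function check($candidate)
    {
        return is_string($candidate) && hash_equals($this->token, $candidate);
    }
}

// Usage inside an action, mirroring IndexController::test from the post
$csrf  = new CsrfToken();
$token = isset($_GET['token']) ? $_GET['token'] : '';
if ($csrf->check($token)) {
    // token matches: run the action
} else {
    // mismatch: redirect, as the post does with $this->_redirect(...)
}
```

The constructor must run before any output is sent, because setcookie() writes a response header.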

Now let me ask you a question. Suppose you get a token when you visit page A, and it expires two seconds later. After three seconds the user clicks the link containing the token to go to page B. Because the token cookie has already expired on page B, a new token is generated and compared with the one passed in, which naturally does not match, so the user is redirected. Isn't that a problem? How can it be solved?

Since there is still a little time, let me mention the file upload vulnerability. A user uploads a file such as a test.php page. If the program does not check the file type, then after the php file is uploaded the user can open it through its link, and if that page contains destructive code the whole website is in danger.

You may have checked in the program that only the suffixes jpg, png and gif are allowed, so the uploader simply renames the jsp page to a jpg suffix. After the upload succeeds, if the website has a vulnerability that lets the file suffix be modified, your website is in danger!!

Even if your website does not allow the file suffix to be modified, it can still be dangerous if a JS script is appended to the end of the uploaded image, or if a script is written into the uploaded file name!!
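An upload handler that addresses the three failure modes just described: it never uses the client-supplied file name for storage, it whitelists the suffixes the post names, and it checks that the bytes really are an image of that type. This is an added example, not the post's code; the function name, the form field name and the upload directory are assumptions.

```php
<?php
// Added example (not from the post): store an uploaded image safely.
// $file is one entry of $_FILES; $uploadDir is a directory the web server
// does not execute PHP from (ideally outside the web root). Assumed names.
function storeUploadedImage(array $file, $uploadDir)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    // Suffix whitelist from the post, mapped to the image type we expect inside
    $allowed = array(
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
        'png'  => IMAGETYPE_PNG,
        'gif'  => IMAGETYPE_GIF,
    );
    // Only the extension of the original name is consulted; the rest of the
    // name (which may carry a script or path characters) is discarded
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false;
    }
    // Check the content, not just the name: a php file renamed to .jpg does
    // not parse as an image. Trailing data appended after a valid image still
    // passes this check, so the directory must never execute uploads.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== $allowed[$ext]) {
        return false;
    }
    // Server-generated file name; the user's name never reaches the disk
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return false;
    }
    return $target;
}

// Usage for a form field named "avatar" (assumed):
// $path = storeUploadedImage($_FILES['avatar'], __DIR__ . '/../uploads');
```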
