As a webmaster, especially a new webmaster, sometimes you have to write some code yourself to modify Website Functions and add website features. In this process, if there is a mistake, it may bring a catastrophic security crisis to the website. Even if the website was originally developed and launched by a professional development team and has good security, the lines of error code you added under the principle of barrel are, this can completely lead to the collapse of the security mechanism of the entire website.
Currently, the EeSafe website security alliance lists several common code-level security problems on websites using php architectures. It is hoped that this will help webmasters in code modification.
1. The most common security issues in php code writing
Php global variable hazard code:
<? Php
If ($ password = "admin ")
$ Isadmin = 1;
........
If (isadmin = 1)
Echo "Successful administrator login ";
?>
Obviously, this is to determine whether the login is an administrator. Many websites also use this logic to determine other important conditions.
It seems that this code is correct, but there is actually a fatal error. It assumes that $ isadmin is null when no value is assigned, however, in order to make php code access users' input as easy as possible, php treats the input data as a global variable. Therefore, attackers can create arbitrary global variables and assign values.
How to avoid this problem that is most likely to be omitted? If your website uses PHP program development, if you have already done so and there are many web Application variables, the most efficient way is to modify the track_vars option of php.
2. Two-condition website authentication security issues
Determine the user name and password, first determine whether it is null, and then find data that meets the conditions at the same time from the data database.
Using this logic will directly cause SQL injection.
If you want to add or modify such a function, the program logic should be: First, find the data that matches the user name in the database (of course, the user name must be unique in the database ), check whether the corresponding password in the data is the same as the password to be verified, so as to avoid the dual-authentication problem.
3. Use the user name to determine User Permissions
Many websites have such problems, such
If (! Username) www.2cto.com
{
Return false;
}
If ($ username = 'admin ')
{
Echo "Welcome to administrator login ";
Return true;
}
It seems that there is no logic problem, but why is there a security vulnerability? Because many databases do not process special characters, such as mysql databases, if the entered characters are in the ASCII code 129 ~ If the registered user uses the "admin + special character", the user can also successfully register a user named admin, and the security mechanism disappears.
Welcome to discussion.
Author: EeSafe Website Security Alliance