Code audit ideas and PHP configuration


Today's notes cover ideas for auditing PHP code and an explanation of the PHP configuration.

1. Understand MVC:

MVC stands for Model-View-Controller. It is a software design pattern that separates business logic, data and interface display into different components, so that the business logic is gathered in one place and the interface and user interaction can be improved or customised without rewriting the business logic. MVC was created to map the traditional input, processing and output functions into a logical structure for a graphical user interface.

MVC (Model-View-Controller) is a design pattern for building web applications. Using MVC:
  • The Model represents the core of the application (for example a list of database records).
  • The View displays the data (the database records).
  • The Controller handles input (for example writing a database record).
The MVC pattern also gives full control over the HTML, CSS and JavaScript.
The Model is the part of the application that handles the logic of the application's data.
  Model objects are usually responsible for accessing data in the database.
The View is the part of the application that presents the data.
  A view is usually built from the model's data.
The Controller is the part of the application that handles user interaction.
  Typically the controller reads data from the view, controls user input, and sends data to the model.
MVC layering helps manage complex applications, because you can concentrate on one aspect at a time. For example, you can work on the view design without depending on the business logic. It also makes the application easier to test.
MVC layering also simplifies development: different developers can work on the view, the controller logic and the business logic at the same time.
(Figure: flow chart of how MVC works; the image is not included in this text.)

2. Be familiar with some common PHP frameworks, such as thinkphp, Yaf, doitphp and so on.

3. The general audit process is:

Directory structure -> global filters -> module files -> controller (C) function contents -> model (M) function contents -> view (V) display

4. General procedures:

(1) Read through the whole program: function sets, configuration files, security filter files and index files. Generally start from the index file. Advantages: more comprehensive, with a bigger chance of digging out vulnerabilities. Disadvantages: time-consuming.

(2) Sensitive keyword backtracking: efficiently locates the sensitive positions and the vulnerabilities you want to dig out. But it does not cover logic flaws, and you do not come to understand the program's functionality.

(3) Targeted audit by function: dig according to the program's features. Relatively simple and efficient (recommended).

(4) Anything is possible: all inputs are dangerous (track the controllable variables), and every variable that enters a function is potentially harmful (check where the variable's value ends up when the function uses it).

 

Part two: PHP configuration

The main one is the global php.ini configuration file. It is usually read only when PHP starts, so after you modify php.ini you must restart PHP for the change to take effect.

Since PHP 5.3.0, PHP supports .htaccess-style INI files (.user.ini) on a per-directory basis. These files are processed only by the CGI/FastCGI SAPI. This feature makes the htscanner PECL extension obsolete. If you use Apache, a .htaccess file has the same effect. Role: .htaccess is the pseudo-static environment configuration file under LAMP.
.user.ini is the LNMP equivalent; place it in your website's root folder. Its purpose is to prevent files from being accessed and read across directories.

1. Basic configuration syntax:

• Case sensitive

• Operators: |, &, ~, !

• Representing an empty (null) value:

foo =        ; nothing after the equals sign

foo = none

foo = "none"

 

2. Basic configuration - Safe mode

 

• Safe mode

 PHP safe mode: safe_mode = on | off
Enabling the safe_mode directive restricts language features that may be risky when PHP is used in a shared environment. safe_mode takes a Boolean value: on to enable, off to disable. It uses the UID (user ID) of the executing script and the UID of the file the script tries to access as the basis of its limiting mechanism: if the UIDs are the same, the script is executed; otherwise it fails. (Note: safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4; on current versions rely on open_basedir and disable_functions instead.)

• Limit the environment variables that can be changed

safe_mode_allowed_env_vars = string

A PHP program may only change environment variables whose names begin with the prefix specified here. When this option is empty, PHP can change any environment variable. For example:

safe_mode_allowed_env_vars = PHP_

allows only variables beginning with PHP_ to be changed; if the option is left empty, PHP can change any environment variable.

 

• External program execution directory

safe_mode_exec_dir = "/home/wwwroot"

• Disabled functions

disable_functions =

To run PHP more securely, you can use this directive to forbid the use of some sensitive functions. When you disable dangerous functions with this directive, do not forget to add the dl() function to the banned list as well: an attacker can otherwise use dl() to load a PHP extension that defines the function again and so break out of disable_functions. Separate the function names with commas when configuring the disabled functions.

• COM components

com.allow_dcom = false

Even when PHP is in safe mode (safe_mode), an attacker can still execute arbitrary commands by using the COM() function to create system components. I recommend turning this off to prevent that.

3. Basic configuration - Controlling variables

● Global variable registration switch

register_globals = off

The default value of the register_globals option in php.ini is Off; before version 4.2 it was enabled by default. When register_globals is set to On, the program can receive all kinds of environment variables from the server, including form submission variables, which is very unsafe for the server, so we must not let them be registered as global variables.
● When register_globals = On, variables submitted with POST or GET are automatically received into global variables of the same name.

● Whether remote file inclusion is allowed
allow_url_include = off
When this is on, a remote file can be included directly. If the included path is a controllable variable, the code in the remote file the variable points at is executed as PHP.

● Whether opening remote files is allowed
allow_url_fopen = on
Allows local PHP to open, read and write files by calling a URL; the wrapper protocols supported by default are ftp and http.

● HTTP header version information
expose_php = off
Prevents the PHP version from being leaked through the HTTP header.

● File upload temporary directory
upload_tmp_dir =
The directory where uploaded files are stored temporarily; if it is not set, the system temporary directory is used.

● Directories users can access
open_basedir = E:\Local Test\WWW
Restricts a PHP script to the specified directories, so that a PHP script cannot access files it should not; this limits the damage a PHP shell can do.

● Internal error display option
display_errors = on
Whether internal errors of PHP scripts are displayed. After the website goes live it is recommended to turn off PHP error output. During debugging, PHP error display is usually turned on.

● Error reporting level
error_reporting = E_ALL & ~E_NOTICE
This raises the error level so that all problems (here everything except notices) are shown, which makes troubleshooting easier.
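The directives above are easiest to check mechanically. The following is an added example, not code from the original post: a small php.ini reader (it honours the syntax rules above, namely `;` comments, quoted values and the bare `none` keyword) plus an audit function that reports the weak settings the post warns about. Both INI fragments are constructed for the example.

```python
# Constructed php.ini fragments (not from the original post): weak and hardened.
WEAK_INI = """[PHP]
disable_functions = system, exec, passthru
allow_url_include = On
expose_php = On
display_errors = On
open_basedir =
"""
HARDENED_INI = """[PHP]
disable_functions = system, exec, passthru, dl
allow_url_include = Off
expose_php = Off
display_errors = Off ; errors go to the log, not the browser
open_basedir = "/var/www/html;/tmp"
"""
# Directives the post says should be Off on a production server.
EXPECT_OFF = ("allow_url_include", "expose_php", "register_globals", "display_errors")

def strip_comment(line):
    """Drop a ';' comment, but keep a ';' inside double quotes (open_basedir uses it)."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            return line[:i]
    return line

def parse_php_ini(text):
    """Minimal php.ini reader: skips [sections], unquotes values, maps bare none to ''."""
    ini = {}
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]          # quoted string, taken literally
        elif value.lower() == "none":
            value = ""                   # foo=none is the empty value, like foo=
        ini[key.lower()] = value
    return ini

def audit_php_ini(text):
    ini = parse_php_ini(text)  # returns a list of findings; [] means nothing flagged
    findings = [f"{d} is On; set {d} = Off" for d in EXPECT_OFF
                if ini.get(d, "").lower() in ("on", "1", "true", "yes")]
    disabled = {f.strip().lower() for f in ini.get("disable_functions", "").split(",")}
    if "dl" not in disabled:
        findings.append("disable_functions omits dl: dl() can load an extension to bypass the list")
    if not ini.get("open_basedir", ""):
        findings.append("open_basedir is empty: scripts can read any file the web user can")
    return findings
```

Running `audit_php_ini` over a real php.ini (read with `open(...).read()`) gives the same findings list; an empty list means none of the post's rules fired.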

 

That is all for today's content. Keep it up!

Now my watch begins. I am watching from now on.

 


Origin: www.cnblogs.com/4sh3s/p/12630166.html