A look at PHP security

1. Use a single entry point for the whole site, to avoid leaking sensitive site directories

Problem: older sites usually scatter index.php, register.php, login.php and so on across the directory, so visiting the registration page takes you to http://localhost/register.php. This is inconvenient to extend and maintain.

Solution: make the URL look like http://localhost/?act=register (the DVWA target environment is set up this way) and dispatch to the corresponding page through the variable, which is easier to manage.

Advantages:

     1. The absolute path of the site's backend is not exposed: with http://localhost/?act=admin nobody can infer the backend directory of the site.

     2. Easy to maintain, without touching much code: to change the backend address behind http://localhost/?act=admin you only modify the switch branch and the backend file name.

     3. Structured and layered.

     4. Unified management of authentication. Authentication can be done once at the entry point: guests cannot access the site, members can view only after logging in, and the entry page manages all of it.

     Accessing a page by its absolute path returns an error, e.g. http://localhost/register.php gives an error.

This is implemented by putting the following at the top of each page: <?php if (!defined('WWW_ROOT')) { header("HTTP/1.1 404 Not Found"); exit; } ?>
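As an added example (not code from the original post), here is a minimal front controller of the kind described above, with the page-level guard in a second file. The action names, the pages/ directory and the session key user_id are assumptions; the point is that only whitelisted actions are dispatched, the real file names never appear in a URL, and the login check lives in one place.

```php
<?php
// --- file: index.php (single entry point; assumed layout, example only) ---
define('WWW_ROOT', __DIR__);
session_start();

// Whitelist of actions -> files. A request can only pick an entry from this map,
// never an arbitrary file, and the map is the only place a file name is changed.
$pages = [
    'index'    => 'pages/index.php',
    'register' => 'pages/register.php',
    'login'    => 'pages/login.php',
    'admin'    => 'pages/admin_panel.php',   // assumed backend file; not visible in any URL
];

// Actions that require a logged-in user; checked here once, not in every page.
$needLogin = ['admin' => true];

$act = isset($_GET['act']) ? (string) $_GET['act'] : 'index';
if (!isset($pages[$act])) {
    $act = 'index';                          // unknown action: fall back, do not error out with a path
}
if (isset($needLogin[$act]) && empty($_SESSION['user_id'])) {
    header('Location: /?act=login');
    exit;
}
require WWW_ROOT . '/' . $pages[$act];

// --- file: pages/register.php (any page reachable only through index.php) ---
// Direct access to http://localhost/pages/register.php has no WWW_ROOT defined,
// so the page answers 404 exactly as the post describes.
if (!defined('WWW_ROOT')) {
    header('HTTP/1.1 404 Not Found');
    exit;
}
// ... registration form and handling follow here ...
```

Because the guard runs before any page output, a direct hit on a page file reveals neither its contents nor, through an error message, its path.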

 

2. Use prepared statements to avoid SQL injection

2.1 Data and code are not differentiated

Take the SQL statement select * from admin where username='admin' and password='xxxxx'. Here admin and xxxxx are data. If the input is not processed, the user may enter ' or 1=1 # as the username, and the statement becomes select * from admin where username='' or 1=1 #' and password='xxxxx'. The # comments out the rest of the statement; username='' is false and 1=1 is true, so the whole condition is true and every row is returned.

2.2 Precompilation (prepared statements)

The back-end SQL statement is select * from admin where username=? and password=?. This statement is compiled into a stmt object first, and stmt->bind_param then binds the user's input to the placeholder positions. Because the data is handled by the class rather than pasted into the SQL text, the statement must be precompiled before it is executed.

mysqli prepared statements

1. Create a connection

$conn = new mysqli($servername, $username, $password, $dbname);

2. Prepare, i.e. package the statement into a stmt object

$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");

3. Bind parameters

$stmt->bind_param("sss", $firstname, $lastname, $email);

4. Set the parameter values

$firstname = 'firstname';

5. Execute

$stmt->execute();

Nowadays, however, PHP's PDO is the more common way to run SQL:

1. Instantiate PDO

$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);

2. Prepare

$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (:firstname, :lastname, :email)");

3. Bind parameters

$stmt->bindParam(':firstname', $firstname);

$stmt->bindParam(':lastname', $lastname);

$stmt->bindParam(':email', $email);

4. Assign the values and execute

$firstname = "John";

$lastname = "Doe";

$email = "[email protected]";

$stmt->execute();
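To tie sections 2.1 and 2.2 together, here is an added example (not the post's own code) that puts the injectable admin login query next to its PDO prepared-statement form. The connection values, the admin table and the password column are placeholders; the password is compared in plaintext only to mirror the post's query, and section 7 covers hashing it properly.

```php
<?php
// Added example: the login query from 2.1, vulnerable and fixed. Connection details are placeholders.
$conn = new PDO("mysql:host=localhost;dbname=example_db", "db_user", "db_pass", [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // let the server itself parse the SQL once, then bind values
]);

// Injectable: the input is concatenated into the SQL text, so data becomes code.
// With $username = "' or 1=1 #" the WHERE clause is true for every row.
function loginVulnerable(PDO $conn, string $username, string $password): bool
{
    $sql = "SELECT * FROM admin WHERE username = '$username' AND password = '$password'";
    return $conn->query($sql)->fetch() !== false;
}

// Safe: the SQL text is fixed at prepare() time and the values are bound afterwards,
// so "' or 1=1 #" is looked up literally as a username and matches nothing.
function loginPrepared(PDO $conn, string $username, string $password): bool
{
    $stmt = $conn->prepare(
        "SELECT * FROM admin WHERE username = :username AND password = :password"
    );
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->bindValue(':password', $password, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetch() !== false;
}

// Usage: the same input goes through both paths; only the first one is fooled.
$u = $_POST['username'] ?? '';
$p = $_POST['password'] ?? '';
var_dump(loginPrepared($conn, $u, $p));
```

bindValue is used rather than bindParam so the value is fixed at the call, which avoids the ordering subtlety in the post's step 4 where the variable is assigned after binding.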

 

3. To limit XSS damage, do not use cookies where they are not needed

If an XSS injection does get through, a page that does not rely on cookies suffers less harm from it.

 

4. Restrict user privileges and prevent CSRF

4.1 Take liking an article as an example. The first design is a GET request: user A likes an article by requesting the URL

http://localhost/?act=support&articleid=12. User A can send this URL to user B, and when B clicks the link, B's browser also issues a like request.

4.2 POST request. Because the GET request is too easy to abuse, the like is redesigned as a POST request, as in the following code:

<form action="http://localhost/?act=support" method="POST">

  <input type="hidden" value="12" name="articleid">

  <input type="submit" value="赞">

</form>

The article id is visible in the request, so an attacker can construct the same form or an AJAX call, or build an attack page with Burp Suite, send it to B, and B's click then submits the like POST request.

4.3 Add a verification code. This hurts the user experience; realistically nobody wants to type a CAPTCHA just to like something.

4.4 Add token verification. Each time the client visits the page http://localhost/?act=support&articleid=12, the server randomly generates a token and sends it to the client; when the client submits the like it sends the token as a parameter, the server compares it, and the like succeeds only if they match. If the page has an XSS vulnerability the token value can be read with JS and the attack still succeeds, but this is the common and effective approach.

4.5 Referer verification. When the like request for http://localhost/?act=support&articleid=12 arrives, check the Referer value in the request to verify which page it came from. Ideally, when user A sends the attack page to B and B clicks it, the Referer is inconsistent and the like fails; but an attacker can name the directories or file names on their own site after the target domain, so a Referer check that only looks for the domain as a substring can be fooled.
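Here is an added example (not the post's own code) of the token scheme from 4.4 together with the Referer check from 4.5, for the like action above. SITE_HOST, the session key csrf_token and the form field name token are assumptions; the attacker URL in the comment is a constructed illustration of the naming trick the post warns about.

```php
<?php
// Added example: CSRF token (4.4) plus a strict Referer host check (4.5) for ?act=support.
session_start();
const SITE_HOST = 'localhost';   // placeholder for the real site host

// Called while rendering the page that contains the like form.
function issueCsrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));   // CSPRNG, 256 bits, bound to the session
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; true only when the submitted token matches the session's.
function verifyCsrfToken(?string $submitted): bool
{
    return isset($_SESSION['csrf_token'], $submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// The weak check from 4.5: a substring match. A constructed attacker page such as
// http://attacker.example/localhost/support.html would pass it.
function refererLooksOk(string $referer): bool
{
    return strpos($referer, SITE_HOST) !== false;
}

// The stricter check: parse the URL and compare the host component exactly.
function refererHostMatches(string $referer): bool
{
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, SITE_HOST) === 0;
}

// --- handling the like POST ---
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_GET['act'] ?? '') === 'support') {
    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    if (!verifyCsrfToken($_POST['token'] ?? null) || !refererHostMatches($referer)) {
        header('HTTP/1.1 403 Forbidden');
        exit('like rejected');
    }
    $articleId = (int) ($_POST['articleid'] ?? 0);
    // ... record the like for $articleId here ...
    exit('liked');
}

// --- rendering the form from 4.2 with the token added ---
$token = htmlspecialchars(issueCsrfToken(), ENT_QUOTES, 'UTF-8');
echo '<form action="/?act=support" method="POST">'
   . '<input type="hidden" name="articleid" value="12">'
   . '<input type="hidden" name="token" value="' . $token . '">'
   . '<input type="submit" value="Like"></form>';
```

refererLooksOk is kept only to show what the post's naming trick defeats; the handler uses refererHostMatches. Note that the strict check also rejects requests with no Referer at all, which some browsers and privacy settings strip, so the token check is the primary control and the Referer check is a secondary one.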

 

5. Strictly control upload types

5.1 Front-end validation is unreliable

5.2 MIME-type verification is unreliable

5.3 Whitelist validation: take the file's extension and check it against an array such as array('jpg', 'gif', 'png', 'bmp') before allowing the upload, but watch out for parsing vulnerabilities

5.4 Rename. The usual naming rule now is date-time + random number + whitelisted extension, so even if a webshell is uploaded the attacker cannot guess its file name, which prevents the webshell from being reached

5.5 Prohibit execution of PHP code in the upload directory; see the article on prohibiting webshell execution
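As an added example (not the post's code), here is an upload handler that applies the whitelist from 5.3 and the renaming rule from 5.4. UPLOAD_DIR and the form field name upload are assumptions; it also adds a getimagesize content check, which is not in the post, because the client-supplied $_FILES type is exactly the MIME value 5.2 says not to trust.

```php
<?php
// Added example: extension whitelist (5.3) and date-time + random + extension rename (5.4).
const UPLOAD_DIR = __DIR__ . '/uploads';   // assumed; should be a directory where PHP execution is disabled (5.5)
$allowed = ['jpg', 'gif', 'png', 'bmp'];

// Returns the new stored name, or null when the extension is not on the whitelist.
function safeUploadName(string $originalName, array $allowed): ?string
{
    // Only the final extension counts, lower-cased. For "shell.php.jpg" this is "jpg",
    // and since the whole name is replaced, the "php" part never reaches disk.
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;
    }
    // date-time + random value + whitelisted extension: nothing from the user's name survives
    return date('YmdHis') . '_' . bin2hex(random_bytes(8)) . '.' . $ext;
}

// Returns the stored file name on success, null on any rejection.
function handleUpload(array $file, array $allowed, string $dir): ?string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    // $file['type'] is sent by the client (5.2) and is deliberately ignored.
    // Inspect the bytes instead: getimagesize() returns false for non-images.
    if (getimagesize($file['tmp_name']) === false) {
        return null;
    }
    $name = safeUploadName($file['name'], $allowed);
    if ($name === null) {
        return null;
    }
    if (!move_uploaded_file($file['tmp_name'], $dir . '/' . $name)) {
        return null;
    }
    return $name;
}

if (isset($_FILES['upload'])) {
    $saved = handleUpload($_FILES['upload'], $allowed, UPLOAD_DIR);
    echo $saved === null ? 'rejected' : 'stored as ' . $saved;
}
```

The random part comes from random_bytes rather than a small integer so that the stored name cannot be brute-forced from the upload timestamp, which is the property 5.4 relies on.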

 

6. Encrypt or obfuscate JavaScript code to raise the bar for attackers

Many XSS vulnerabilities are found by reading the page's source code locally; obfuscating the JavaScript makes it harder to read.

 

7. Use a stronger hash algorithm when storing important information in the database

The usual means of cracking hashes:

7.1 Rainbow tables. Hundreds of GB of them can be downloaded from the official site; they are often used to crack SAM files.

7.2 MD5 lookup sites. A Baidu search turns up plenty; simple hashes are "decrypted" by lookup.
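Here is an added example (not from the post) of what "a stronger hash algorithm" looks like in PHP: a salted, slow bcrypt hash via password_hash, checked with password_verify. The admin table and password_hash column are assumptions; a random per-password salt defeats rainbow tables and the cost factor makes MD5-style lookup sites irrelevant.

```php
<?php
// Added example: storing and checking a password with bcrypt instead of plain MD5.
const HASH_COST = 12;   // each guess costs 2^12 bcrypt rounds; raise it as hardware gets faster

// Store the result of this in the database; it already embeds algorithm, cost and salt.
function hashForStorage(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => HASH_COST]);
}

function checkLogin(PDO $conn, string $username, string $password): bool
{
    $stmt = $conn->prepare('SELECT password_hash FROM admin WHERE username = :u');
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown user: still spend one verify so timing does not reveal which usernames exist.
        static $dummy = null;
        if ($dummy === null) {
            $dummy = hashForStorage('dummy-password');
        }
        password_verify($password, $dummy);
        return false;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Transparent upgrade: if HASH_COST was raised since this hash was made, rehash now.
    if (password_needs_rehash($row['password_hash'], PASSWORD_BCRYPT, ['cost' => HASH_COST])) {
        $upd = $conn->prepare('UPDATE admin SET password_hash = :h WHERE username = :u');
        $upd->bindValue(':h', hashForStorage($password), PDO::PARAM_STR);
        $upd->bindValue(':u', $username, PDO::PARAM_STR);
        $upd->execute();
    }
    return true;
}
```

password_verify reads the cost and salt from the stored string, so old and new hashes coexist in the same column while the rehash step migrates rows as users log in.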

 

8. Verification codes (CAPTCHAs)

The security of a CAPTCHA can be checked in a few ways:

8.1 If the CAPTCHA is generated on the front end, it can be bypassed by intercepting the request

8.2 If a single CAPTCHA is not invalidated after use, the same code can be reused

8.3 If the CAPTCHA's answer is output to the client, an attacker can obtain it with JS

8.4 Weak CAPTCHAs

The CAPTCHA is too simple, so the open-source Tesseract OCR can recognise it. Here is a newer one that resists machine recognition, the 12306 ticketing site's CAPTCHA:

[Image: example of the 12306 ticket CAPTCHA]
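As an added example (not the post's code), here is server-side CAPTCHA handling that avoids 8.1, 8.2 and 8.3: the answer is generated on the server, kept only in the session, cleared after a single check, and never sent to the client except as pixels. The session key captcha, the form field captcha and the 5-minute lifetime are assumptions; the rendering uses GD's built-in font with a few noise lines, which is deliberately simple and not a defence against the OCR problem in 8.4.

```php
<?php
// Added example: single-use, server-side CAPTCHA; answer never reaches the client in text form.
session_start();

// Generate a new code and store it in the session; returns the code for rendering only.
function newCaptcha(): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';   // no 0/O or 1/I, which users confuse
    $code = '';
    for ($i = 0; $i < 6; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $_SESSION['captcha'] = ['code' => $code, 'expires' => time() + 300];
    return $code;
}

// Draw the code as a PNG. The caller must never echo $code itself (8.3).
function renderCaptcha(string $code): void
{
    $img = imagecreatetruecolor(140, 40);
    $bg  = imagecolorallocate($img, 255, 255, 255);
    $fg  = imagecolorallocate($img, 0, 0, 0);
    imagefilledrectangle($img, 0, 0, 139, 39, $bg);
    for ($i = 0; $i < 5; $i++) {                       // a little noise; see 8.4 for why this is not enough
        imageline($img, random_int(0, 139), random_int(0, 39), random_int(0, 139), random_int(0, 39), $fg);
    }
    imagestring($img, 5, 20, 12, $code, $fg);
    header('Content-Type: image/png');
    imagepng($img);
    imagedestroy($img);
}

// True at most once per issued code; the stored code is cleared whether or not the check passes (8.2).
function checkCaptcha(?string $answer): bool
{
    $stored = $_SESSION['captcha'] ?? null;
    unset($_SESSION['captcha']);
    if ($stored === null || $answer === null || time() > $stored['expires']) {
        return false;
    }
    return hash_equals($stored['code'], strtoupper(trim($answer)));
}

// Usage: ?captcha=1 serves the image; a POST with field "captcha" is checked before the real work.
if (isset($_GET['captcha'])) {
    renderCaptcha(newCaptcha());
    exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!checkCaptcha($_POST['captcha'] ?? null)) {
        exit('wrong or expired verification code');
    }
    // ... proceed with login or registration ...
}
```

Because newCaptcha overwrites the session entry, reloading the image also invalidates the previous code, so an attacker cannot solve one image and then replay its answer against a later form.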

Reference link: https://www.leavesongs.com/PENETRATION/php-secure.html

Source: www.cnblogs.com/qzdlp/p/12134324.html