Security

Five traditional vulnerabilities that get worse in mobile HTML5

s blog: Security Review: Creating a Secure PHP Login Script

The other day, an article popped up in my feed reader that had a very interesting title (to me at least), Simple and Secure Login Script. As usual, I decided to click the link and give the article a read. Not overly shocking was the fact that I didn’t find the content of the article to be, how shall I say this…, overly factual. It’s not really a “tutorial”, but more of a “here’s some code that’s secure”. A quick review of the code found more than one vulnerability, and some significant things that I would change about it (as well as a few “really bad practices”). So, rather than write a “rant post” about the code, I’ve decided to take another tactic. The first thing that I see when I open that code up is a whole bunch of mess.

So, the first actual step towards reviewing the code that I take is to get a general understanding of the architecture of the codebase from a reasonably high level.

Session Initialization (Authenticate.php lines 37 - 88)

Notice the order of execution there.

Portable PHP password hashing ("password encryption") framework

Please note that password hashing is often wrongly referred to as "password encryption". Hashing is a more appropriate term, since encryption is something that is supposed to be easily reversible. phpass (pronounced "pH pass") is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above, and it has actually been tested with at least PHP 3.0.18 through 5.4.x so far. (PHP 3 support is likely to be dropped in the next revision.) The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, also supported with our public domain crypt_blowfish package (for C applications) and known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last-resort fallback to MD5-based salted and variable-iteration-count password hashes implemented in phpass itself (also referred to as portable hashes).
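The distinction above (a slow, salted, one-way hash rather than reversible encryption) is what bcrypt gives you. As an added example that is not phpass code and not part of the original page, this shows the same CRYPT_BLOWFISH scheme through PHP's built-in password_hash()/password_verify() functions (PHP 5.5 or later), including the check that tells you when a stored hash is a legacy one (such as an MD5 portable hash) and should be upgraded on the next successful login. The cost value and the sample passwords are assumptions.

```php
<?php
// Added example (not phpass, not the original page): bcrypt hashing and
// verification with PHP's built-in password_* functions, which produce the
// same Blowfish-based "$2y$" (CRYPT_BLOWFISH) hashes phpass prefers.

declare(strict_types=1);

// 2^12 rounds of key expansion; raise as hardware gets faster. (Assumed value.)
const BCRYPT_COST = 12;

function hashPassword(string $plain): string
{
    // password_hash() draws a random salt itself; never supply a fixed one.
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function verifyPassword(string $plain, string $storedHash): bool
{
    // password_verify() re-derives the hash with the salt and cost embedded in
    // $storedHash and compares in constant time.
    return password_verify($plain, $storedHash);
}

function needsRehash(string $storedHash): bool
{
    // True for anything that is not bcrypt at the current cost: an old MD5 or
    // phpass portable hash, or a bcrypt hash made with a lower cost.
    return password_needs_rehash($storedHash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Constructed sample usage.
$hash = hashPassword('correct horse battery staple');
var_dump(substr($hash, 0, 4) === '$2y$');                      // bcrypt prefix
var_dump(verifyPassword('correct horse battery staple', $hash));
var_dump(verifyPassword('wrong password', $hash));

// A legacy unsalted MD5 hash (constructed) is flagged for upgrade.
var_dump(needsRehash(md5('legacy-password')));
```

The rehash check is the migration path away from the MD5 fallbacks the phpass excerpt mentions: verify with whatever scheme the stored hash uses, and if needsRehash() is true, store hashPassword() of the just-verified password in its place.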

Php - "Keep Me Logged In" - the best approach

Using Cookies in PHP > Deleting Cookies

Cookies are very picky about how they are deleted, and usually require that they be removed using the same values as they were set with. Hence, if we have a domain or path specified, then we must specify this domain/path when deleting the cookie. To delete a cookie, you simply set the value of the cookie to null, and also set the expiry time of the cookie in the past. Ideally, one would set the expiry time to about a year in the past, so that if the system time is off by a few minutes or even days, the cookie will still delete correctly. Let's dive right in:

<?php
setcookie('username', '', time()-60*60*24*365);

The above script would delete a cookie called username that was in the domain and path that the script is run in.

User Logout

Going back to our user logon system, we can now create a very simple logout script.

<?php
setcookie('username', '', time()-60*60*24*365, '/account', 'www.example.com');
setcookie('password', '', time()-60*60*24*365, '/account', 'www.example.com');
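The failure mode the article warns about is a delete call whose path or domain does not match the set call, which leaves the browser holding the old cookie. As an added example (not the article's code), the following logout handler keeps the cookie attributes in one place so that setting and deleting can never drift apart, and also tears down the server-side session and its own cookie. The cookie names, the '/account' path and the 'www.example.com' domain are assumptions taken from the article's snippet; it needs PHP 7.3 or later for the options-array form of setcookie().

```php
<?php
// Added example (not the original article's code): logout that deletes cookies
// with exactly the attributes they were set with, then destroys the session.

declare(strict_types=1);

// Single source of truth for cookie attributes (path/domain assumed from the
// article). Secure and HttpOnly are added here as sensible defaults.
const COOKIE_ATTRS = [
    'path'     => '/account',
    'domain'   => 'www.example.com',
    'secure'   => true,   // only sent over HTTPS
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',
];

const ONE_YEAR = 60 * 60 * 24 * 365;

function setAuthCookie(string $name, string $value, int $lifetime): bool
{
    return setcookie($name, $value, ['expires' => time() + $lifetime] + COOKIE_ATTRS);
}

function deleteAuthCookie(string $name): bool
{
    // Empty value, expiry a year in the past, and the SAME path/domain as the
    // set call; a mismatch on either and the browser keeps the old cookie.
    $deleted = setcookie($name, '', ['expires' => time() - ONE_YEAR] + COOKIE_ATTRS);
    unset($_COOKIE[$name]);   // keep the current request consistent as well
    return $deleted;
}

function logout(): void
{
    // Remove the login cookies the article set. (Storing a password in a
    // cookie is a weakness in that design; a random remember-me token that
    // can be revoked server-side is the usual replacement.)
    foreach (['username', 'password'] as $name) {
        deleteAuthCookie($name);
    }

    // Also drop the PHP session, using the session cookie's own parameters.
    if (session_status() === PHP_SESSION_ACTIVE) {
        $_SESSION = [];
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - ONE_YEAR,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
        session_destroy();
    }
}

logout();
header('Location: /account/login');   // assumed login page location
```

Because deleteAuthCookie() reuses COOKIE_ATTRS rather than repeating the path and domain literals, a later change to where the cookie is scoped cannot silently break logout.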

SQL Injection

This is an Attack. To view all attacks, please see the Attack Category page.

Last revision (mm/dd/yy): 04/10/2016

Overview

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.

Threat Modeling

SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.

Related Security Activities
How to Avoid SQL Injection Vulnerabilities
Description
Examples

SQL Injection - Hakipedia

SQL Injection is one of the more popular application layer hacking techniques that is used in the wild today. It is a trick that exploits poorly filtered or incorrectly escaped SQL queries into parsing variable data from user input. The idea behind SQL injection is to convince the SQL application (whether MySQL, MSSQL, PostgreSQL, Oracle etc.) to run an SQL string that was not premeditated.

Severity: Relatively High
Exploit Likeliness: Moderate

SQL Injection Types

There are a number of categorized SQL injection types that can be executed with a web browser:

Poorly Filtered Strings
Incorrect Type Handling
Signature Evasion
Filter Bypassing
Blind SQL Injection

Poorly Filtered Strings

SQL injections based on poorly filtered strings are caused by user input that is not filtered for escape characters. Code that is vulnerable to this type of vulnerability might look something like this:

$pass = $_GET['pass'];
// $pass is concatenated into the SQL text unescaped, so a quote in it ends the string literal
$password = mysql_query("SELECT password FROM users WHERE password = '" . $pass . "'");

Signature Evasion

How to program a basic but secure login system using PHP and MySQL
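The Hakipedia snippet above builds the SQL text from user input, so a quote character in $pass changes the query's structure. As an added example (not Hakipedia's code and not from the original page), the following writes the same lookup with a PDO prepared statement, where the query text is fixed and the input is bound as data, and replaces the plaintext password comparison with a bcrypt verification. It uses an in-memory SQLite database so it runs stand-alone; the users table, its columns and the sample credentials are constructed assumptions.

```php
<?php
// Added example (not Hakipedia's or the original page's code): the vulnerable
// string-building shape next to a parameterised lookup, run against a
// constructed in-memory SQLite database via PDO.

declare(strict_types=1);

// The shape from the page: the SQL text itself depends on user input.
function vulnerableQuery(string $pass): string
{
    return "SELECT password FROM users WHERE password = '" . $pass . "'";
}

// Hardened: the statement is compiled once with a placeholder; $username is
// sent to the driver separately and is never parsed as SQL.
function findPasswordHash(PDO $db, string $username): ?string
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    $hash = $stmt->fetchColumn();          // false when no row matched
    return $hash === false ? null : (string) $hash;
}

function login(PDO $db, string $username, string $password): bool
{
    $hash = findPasswordHash($db, $username);
    // Compare against a bcrypt hash in PHP instead of matching plaintext in SQL.
    return $hash !== null && password_verify($password, $hash);
}

// Constructed sample data (assumed table and column names).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
$ins->execute([':u' => "o'brien", ':p' => password_hash('hunter2', PASSWORD_BCRYPT)]);

// A username containing a quote is just a value to the prepared statement;
// inside vulnerableQuery() the same character would have closed the literal.
var_dump(vulnerableQuery("o'brien"));
var_dump(login($db, "o'brien", 'hunter2'));
var_dump(login($db, "o'brien", 'wrong'));
var_dump(login($db, 'nobody', 'hunter2'));
```

On MySQL the same code applies with the pdo_mysql driver; there it is worth setting PDO::ATTR_EMULATE_PREPARES to false so that the server, not the client library, does the parameter binding.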