Spot the Security Hole

If you’ve arrived at this page from the Tech Times newsletter, we apologise. A few of our links went awry. You’re probably after one of the following:

  • arguments: A JavaScript Oddity
  • Mozilla Prism: Stuck In The Middle With UI
  • Adobe Integrated Runtime: More Than Just Hot AIR

We now return you to our regular program…

Here’s a PHP script:

 <?php # Common include file for MySQL require("auth_conn_inc_reg.php");  $valid = false;  if (isset($_SERVER['PHP_AUTH_USER']) &&  isset($_SERVER['PHP_AUTH_PW']) ) {      $sql = "SELECT * FROM users WHERE       logins='{$_SERVER['PHP_AUTH_USER']}' AND        password='{$_SERVER['PHP_AUTH_PW']}'";          $mysql_result = mysql_query($sql,$connection);          $num_rows = @mysql_num_rows($mysql_result);             if ( $num_rows != 0 ) {         $valid = true;  } }  if ( !$valid ) {   header ("WWW-Authenticate: Basic realm="Restricted"");  header ("HTTP/1.0 401 Unauthorized");   echo "Authorization required";  exit();      } else {       # Valid user - do stuff here     } ?>

Spot the problem?

What gets me depressed about reading this is it’s part of an article in a UK Linux Magazine this month (I’ll leave the name out; it’s otherwise a good magazine). Sure everyone makes mistakes, myself more than a few but this particular example is a classic and part of why PHP gets flak on security.

What’s it going to take to stop this happening over and over in future? Perhaps on http://www.php.net/mysql_query there needs to a big message like “Before you use this function, make sure you read about mysql_escape_string(). And perhaps the page on mysql_escape_string() could do more to explain why it’s important?

Replay

Category: programming Time: 2004-07-03 Views: 1
Tags:

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development

search

Front-end development

Database

development tools

Open Platform

Javascript development

.NET development

cloud computing

server

Copyright (C) avrocks.com, All Rights Reserved.

processed in 0.207 (s). 12 q(s)