bundyxc, posted August 12, 2009 (https://forums.phpfreaks.com/topic/169850-pentesting-my-program/):

This is my first big project with PHP (big being a completely subjective term, as it's currently ~650 lines long), and I don't want any huge security holes. I have to deal with a MySQL database, and I know how abundant SQL injections are... and I'd hate to fall prey to one. I think that I have every hole closed up (that I know of, obviously), but I'd just like to make sure I've gone through the checklist. I have a few $_POSTs and $_GETs, all sanitized. Upon login, a session is created, but I sanitize the session variable on each page, before it's allowed to make any calls to the database. Alphanumerics, periods, and hyphens are allowed. Nothing else. Anything I need to do before I throw my baby into production?
smerny, posted August 12, 2009:

Sounds good. I could be wrong, but I don't think there is a need to sanitize session variables on each page. How exactly are you sanitizing, though? Are you using mysql_real_escape_string()?
bundyxc (author), posted August 12, 2009:

Sessions work by creating a unique id (UID) for each visitor and storing variables based on this UID. The UID is either stored in a cookie or is propagated in the URL. From what I can understand, that means that sessions are saved client-side, and therefore unreliable. Maybe? 'Session tampering' also sounds familiar, which I thought to mean 'changing session variables client-side'. Am I wrong?
wildteen88, posted August 12, 2009:

All data in your $_SESSION variables is stored server-side, unlike cookies, which are stored on the client. Sessions do use cookies, but the cookie only stores the session id. This id cannot be tampered with; it is unique to each user. No one can get hold of your session data unless they manage to find an exploit in your code which allows them to gain access; this is why it is important to always sanitize data from the user.
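As an added example (not code from the thread or from bundyxc's project), the following PHP shows the three things the replies above turn on: the original poster's whitelist rule for request parameters (alphanumerics, periods and hyphens only), a parameterised query so the database never interprets user input as SQL regardless of escaping, and a login step that keeps only a server-side user id in $_SESSION and rotates the session id. It uses an in-memory SQLite database purely so it runs without a MySQL server (assumption: the pdo_sqlite extension is loaded); the table, rows and inputs are constructed for the demo, and `validate_token`, `find_user` and `login` are names chosen here, not anything from the project.

```php
<?php
// Added example, not from the thread. Assumes PHP 7.1+ with pdo_sqlite;
// in production the DSN would be 'mysql:host=...;dbname=...' instead.
declare(strict_types=1);

// Whitelist matching the OP's rule: alphanumerics, periods and hyphens only.
// Returns the value unchanged if it passes, or null if it must be rejected.
// A length cap is added so an unbounded string cannot reach the query layer.
function validate_token(?string $value, int $maxLen = 64): ?string
{
    if ($value === null || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9.-]+\z/', $value) === 1 ? $value : null;
}

// Look a user up by username. The value is bound as a parameter, so the
// database receives it as data, not as part of the SQL text. This is the
// layer that actually prevents injection; the whitelist is defence in depth.
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login step: validate, look up, then store only the server-side user id in
// the session (as wildteen88 describes, the data lives on the server; the
// client only holds the session id) and rotate that id after authentication.
// Password checking with password_verify() is omitted to keep the example short.
function login(PDO $db, array $post): bool
{
    $username = validate_token($post['username'] ?? null);
    if ($username === null) {
        return false; // rejected by the whitelist; no query is issued
    }
    $user = find_user($db, $username);
    if ($user === null) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // new id, old one deleted
    }
    $_SESSION['user_id'] = (int) $user['id'];
    return true;
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec("INSERT INTO users (username) VALUES ('alice.b'), ('bob-1')");

$inputs = [
    'alice.b',   // valid shape, exists
    "o'brien",   // contains a quote: rejected by the whitelist before any query
    'carol',     // valid shape, no such user
];
foreach ($inputs as $raw) {
    $clean = validate_token($raw);
    $user  = $clean === null ? null : find_user($db, $clean);
    $result = $clean === null
        ? 'rejected by whitelist'
        : ($user !== null ? 'user id ' . $user['id'] : 'no match');
    printf("%-12s -> %s\n", json_encode($raw), $result);
}

// Even bypassing the whitelist, the bound parameter keeps the quote harmless:
// the lookup simply finds no row instead of altering the query.
var_dump(find_user($db, "o'brien") === null); // bool(true)
```

The point smerny raises about mysql_real_escape_string() is answered by the second function: with a bound parameter there is nothing to escape, because the input never becomes SQL text. The whitelist still earns its keep as a second layer and as input validation for fields that have a known shape, which is what the original poster described.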