Security


GreenP

I am a newbie to PHP. I read up and created my first script yesterday. It goes to a MySQL server and runs a series of queries on multiple tables to create a field of keywords for a web application we run. It works great. However, the script includes the username and password to log into our database. What do I need to do to make this secure? It needs to be run a couple times per day. If I put permissions at 400, 600 or 700, (as I have read some suggest) it will not run from a web browser. If I put it at 751 or 755 it will run, but I don't know if I am opening myself up for problems. If I keep it at say 400, 600 or 700, how do I run the script?

 

Muchas Thankfullness


> I am a newbie to PHP. I read up and created my first script yesterday. It goes to a MySQL server and runs a series of queries on multiple tables to create a field of keywords for a web application we run. It works great. However, the script includes the username and password to log into our database. What do I need to do to make this secure? It needs to be run a couple times per day. If I put permissions at 400, 600 or 700, (as I have read some suggest) it will not run from a web browser. If I put it at 751 or 755 it will run, but I don't know if I am opening myself up for problems. If I keep it at say 400, 600 or 700, how do I run the script?
>
> Muchas Thankfullness

 

A few things:

 

1. FORM VALIDATION.  It can't be bold enough.  If you're using a form to login, you absolutely need to verify that the info submitted into your form is legit.

 

2. Encryption.  At the very least, the password should be encrypted.  MySQL has several built-in encryption functions, including PASSWORD() and MD5().  Be sure that the stored passwords are encrypted in the database.

 

3. Separate connection script.  Most people, myself included, write a separate script that connects to the database, and then include/require that file in the script(s) that actually do the heavy lifting.  The key here is to put the database connection script in a folder that the outside public cannot access.  This is typically one folder above your web folder.


> 3. Separate connection script.  Most people, myself included, write a separate script that connects to the database, and then include/require that file in the script(s) that actually do the heavy lifting.  The key here is to put the database connection script in a folder that the outside public cannot access.  This is typically one folder above your web folder.

 

That wouldn't be much better.  People using the webpage won't have any access to the PHP code.  The vulnerability is that anyone who has access to the server's file system will be able to read the code and get the password.  If the file is one directory higher it won't change who has access to the file.

 

The way to solve this is put this info in a file readable by the web server and access the information through the $_SERVER variable.


To elaborate on Nightslyr's Form Validation reply, typically you want to do the following:

 

1. Scrub the input of any html strings using the strip_tags function.

2. Scrub the input of any special characters for the database using the addslashes function (and stripslashes when reading).  If your magic_quotes_gpc is turned on (by default it is), you shouldn't need to do this for any $_POST or $_GET variables.

3. Make sure that $_POST and $_GET are set and non-empty before attempting to use them.  Sometimes, PHP will throw warnings when a variable that is not declared is used.  This will mess up your styling AND it will provide the potential attacker with additional information on how your script works.

 

So, whenever I gather input, it always looks like this:

 

if (isset($_POST['a']) && !empty($_POST['a']))
{
    $a = trim(strip_tags($_POST['a']));
    //if magic quotes is off, then use:
    //$a = trim(addslashes(strip_tags($_POST['a'])));
}

 

Check out the following links for PHP security:

 

http://www.sitepoint.com/article/php-security-blunders

http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/

http://www.xkcd.com/327/

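An added example, not part of any post in this thread: the input handling described above, written with PDO bound parameters in place of addslashes (magic_quotes_gpc was removed in PHP 5.4) and with HTML escaping done at output time. The keywords table, the field name and the sample submissions are constructed, and it uses in-memory SQLite (assumes the pdo_sqlite extension) so it runs without a database server.

```php
<?php
// Added example: table, field name and samples are constructed for illustration.
// The same PDO calls work unchanged with a MySQL DSN.

/** Return a trimmed, length-checked keyword, or null if missing or invalid. */
function read_keyword(array $input, string $field): ?string
{
    if (!isset($input[$field]) || !is_string($input[$field])) {
        return null;                       // absent, or an array such as a[]=x
    }
    $value = trim($input[$field]);
    if ($value === '' || strlen($value) > 64) {
        return null;                       // empty, or longer than we accept
    }
    return $value;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE keywords (id INTEGER PRIMARY KEY, word TEXT NOT NULL)');

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['a' => '  firewall '],
    ['a' => "Robert'); DROP TABLE keywords;--"],   // the pattern from xkcd 327
    ['a' => ['nested']],                            // wrong type
    [],                                             // field missing
];

$insert = $pdo->prepare('INSERT INTO keywords (word) VALUES (:word)');
foreach ($samples as $post) {
    $word = read_keyword($post, 'a');
    if ($word === null) {
        echo "rejected\n";
        continue;
    }
    // The value is sent separately from the SQL text, so quotes in it stay data.
    $insert->execute([':word' => $word]);
    echo "stored\n";
}

// The table still exists and holds both accepted values verbatim.
foreach ($pdo->query('SELECT word FROM keywords') as $row) {
    // Escape for the HTML context when the value is written to a page.
    echo htmlspecialchars($row['word'], ENT_QUOTES, 'UTF-8'), "\n";
}
```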

> > 3. Separate connection script.  Most people, myself included, write a separate script that connects to the database, and then include/require that file in the script(s) that actually do the heavy lifting.  The key here is to put the database connection script in a folder that the outside public cannot access.  This is typically one folder above your web folder.
>
> That wouldn't be much better.  People using the webpage won't have any access to the PHP code.  The vulnerability is that anyone who has access to the server's file system will be able to read the code and get the password.  If the file is one directory higher it won't change who has access to the file.
>
> The way to solve this is put this info in a file readable by the web server and access the information through the $_SERVER variable.

 

My curiosity is piqued.  How would one use the $_SERVER variable to access another script?


It actually wouldn't be in another script.  This is something that is set through Apache.  The values are set in the Apache config files, which have very limited access.  If you're not using Apache, I'm sure other webservers can do something similar.

 

Unfortunately, I don't know all the details off the top of my head, because I haven't actually done it myself, yet.  I just know that it's possible, and would have to go look up the details.  This is the book I learned this from.

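An added example, not from any poster in this thread, of the approach discussed above: credentials set in Apache configuration with mod_env's SetEnv and read in PHP through $_SERVER. The variable names (DB_HOST, DB_NAME, DB_USER, DB_PASS), the file path and all values are assumptions chosen for illustration.

```php
<?php
// Added example: variable names, path and values below are placeholders.
//
// Apache side, in a file the virtual host pulls in with Include, e.g.
//   /etc/apache2/db-credentials.conf   (owner root, mode 600)
//
//   SetEnv DB_HOST 127.0.0.1
//   SetEnv DB_NAME appdb
//   SetEnv DB_USER keyword_job
//   SetEnv DB_PASS "placeholder-not-a-real-password"
//
// When Apache is started as root it parses its configuration before dropping
// privileges, so the file need not be readable by other accounts.

/** Collect the DB settings from the server environment; fail closed if any is missing. */
function db_settings(array $server): array
{
    $settings = [];
    foreach (['DB_HOST', 'DB_NAME', 'DB_USER', 'DB_PASS'] as $key) {
        if (!isset($server[$key]) || $server[$key] === '') {
            // Log the name of the missing key only, never a value.
            error_log("database setting $key is not configured");
            throw new RuntimeException('Database configuration incomplete');
        }
        $settings[$key] = $server[$key];
    }
    return $settings;
}

function db_connect(array $server): PDO
{
    $s = db_settings($server);
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $s['DB_HOST'], $s['DB_NAME']);
    return new PDO($dsn, $s['DB_USER'], $s['DB_PASS'], [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
}

try {
    $pdo = db_connect($_SERVER);
} catch (Exception $e) {
    // Exception details and traces can expose connection parameters;
    // record only the exception class and send a generic response.
    error_log('db connect failed: ' . get_class($e));
    http_response_code(503);
    exit('Service temporarily unavailable');
}
```

Values set this way are visible to any PHP code in that virtual host, including phpinfo() output and dumps of $_SERVER, so those should not be reachable on a production site.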
