感谢您阅读本文。 我很担心网络环境中的安全防御问题,并且我在输入验证方面做了很多工作。根据用户输入重写应用程序
这里的背景是网络环境下的用户名和密码的用户类型,它们通过POST形式传递给文件verify.php
我有以下的代码,我想验证一个用户输入,然后让它进入应用程序。但是我的问题是:是否有可能从该用户的输入中注入实际上会重写应用程序本身的代码?
skip to "REAL QUESTION HERE" if you don't have much time.
/* I have left some questions along the code in commentary,
if you feel you can answer these it would be greatly appreciated too. */
所有这些安全概念正在融化我的大脑。
<?php
//Only sources provided by the server are allowed?
/*is it relevant to use this because I read that
you have to use webkits for cross-platform performences
and that they are not supported in many cases. */
Content-Security-Policy:
default-src 'self';
script-src 'self';
style-src 'self';
connect-src 'self';
media-src 'self';
object-src 'self';
frame-src 'self'
//prevent javascript from accessing cookies?
//I will only use $_SESSION variables.
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);
session_start();
session_regenerate_id(); /*is it mandatory if I plan to use a generated
random value using strong entropy to make
a login token?*/
include('functions.php');//weak point?
//for further validation use
$usernameSafe = '';
$passwordSafe = '';
//check if the values exists.
if (isset($_POST['username']) && isset($_POST['password'])) {
//validation of user input before letting it access the app.
//weak point?
if (isValidInput($_POST['username']) && isValidInput($_POST['password'])) {
$formUn = $_POST['username'];//weak point?
$formPw = $_POST['password'];//here too?
}
}
//@@@@@@@@@@@@@ REAL QUESTION HERE @@@@@@@@@@@@@@
/*BYPASS_IDEA the input could be :
validUserName']) || 1 == 1) { inject php code here } }/*
//1 == 1 is used to bypass the condition.
/*two bracket to close the two 'if' statements involved
and end the app' then also escape evrything after it
with a block commentary char left unclosed */
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
//from the php file 'functions.php'
//@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
function isValidInput($string) {
$isValid = FALSE;
if ($string && is_string($string)) {
/*can it protect against xss attack using characters
like < or any coding tags? */
if (mb_detect_encoding($string, 'UTF-8', TRUE) != FALSE &&
ctype_alnum($string)) {
//Is this how buffer attacks are prevented?
if (strlen($string) <= INPUT_LENGHT)
$isValid = TRUE;
}
}
return $isValid;
}
?>
最终,如果这是可能的,这可以在isset()事件?
也许适合1个问题,但仍然不错 –