PHP Nine - Security Issues

Posted by 77959132 NeoGek 
PHP Nine - Security Issues
February 26, 2013 06:42AM
Never thought of entering html into form fields...glad I have some way of protecting against it. Done
Re: PHP Nine - Security Issues
February 26, 2013 09:27AM
I love this section. It basically summarised everything.

There are other functions you can use for security, but they are not 100% secure. Functions like
mysql_real_escape_string() and addslashes().

I came across a very interesting site about XSS and SQL Injection - how they inject your site.
I guess if you know how they do it, you will know how to block them.

check it out:
http://www.breakthesecurity.com/2010/12/hacking-website-using-sql-injection.html
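
Why escaping functions such as addslashes() are not sufficient on their own, shown as an added example that is not part of the original post or the course material: an escaped value placed in an unquoted numeric position is still parsed as SQL, while a bound parameter is not. The in-memory SQLite table, its rows and the function names are constructed for illustration and assume the pdo_sqlite extension is available.

```php
<?php
// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO students (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed form input. It contains no quote characters, so addslashes()
// returns it unchanged.
$input = '0 OR 1=1';

// Escaping only: the value is concatenated into a numeric position, where
// there are no quotes for the escaping to protect.
function lookupEscaped(PDO $db, string $id): array
{
    $sql = 'SELECT name FROM students WHERE id = ' . addslashes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Validation plus a prepared statement: the value is checked to be digits
// and then bound as data, so it is never parsed as part of the SQL text.
function lookupPrepared(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];                       // reject anything that is not a plain number
    }
    $stmt = $db->prepare('SELECT name FROM students WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

echo "escaped:  ", implode(', ', lookupEscaped($db, $input)), "\n";
echo "prepared: ", implode(', ', lookupPrepared($db, $input)), "\n";
echo "id 2:     ", implode(', ', lookupPrepared($db, '2')), "\n";
```

The escaped query returns every row in the table for this input; the prepared version returns nothing for it and exactly one row for a valid id.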
Re: PHP Nine - Security Issues
February 26, 2013 11:40AM
77911997 Wrote:
-------------------------------------------------------
> I love this section. It basically summarised
> everything.
>
> There are other functions you can use for
> security, but they are not 100% secure. Functions
> like
> mysql_real_escape_string() and addslashes().
>
> I came across a very interesting site about XSS
> and SQL Injection - how they inject your site.
> I guess if you know how they do it, you will know
> how to block them.
>
> check it out:
> http://www.breakthesecurity.com/2010/12/hacking-website-using-sql-injection.html
>

Nice find! Very interesting.
Re: PHP Nine - Security Issues
February 26, 2013 12:19PM
So someone can literally break your website by doing this!!! Never thought it possible!! Nice chapter, wish there was more!!
Re: PHP Nine - Security Issues
February 26, 2013 03:10PM
Yes Alex. You should have seen the look on my face when I tried to break 1 of my sites. I was shocked at how much information an intruder can access because of poor security.
Re: PHP Nine - Security Issues
February 27, 2013 10:26AM
That's scary!! I even went and browsed Kreason's link to see what else one can find regarding it. Seems there is a whole lot more that one has to be on the lookout for.



77911997 Wrote:
-------------------------------------------------------
> Yes Alex. You should have seen the look on my face
> when I tried to break 1 of my sites. I was shocked
> at how much information an intruder can access
> because of poor security.
Re: PHP Nine - Security Issues
March 01, 2013 09:49AM
Very interesting indeed! I remember in my old "darker" days we could get information from databases through inputs as well as wipe the whole thing, tables and all! It's like @77911997 said: if you know how to do it you'll know how to block it!

Off to the next section.

Student number : 7803-010-2
Email and Gtalk for support : wilcovandeijl@gmail.com
Re: PHP Nine - Security Issues
March 04, 2013 08:57PM
Security is always of concern. The nice thing with WordPress is that it has built-in security as long as you keep your site updated and install a security plugin like WordFence. I've had to clean out a number of client sites because they failed to keep their sites updated. Nasty business those black hole exploits.

A friend once told me "hack to learn not learn to hack", that way you can learn to prevent an attack.

____________________________________________Nazi Coder____________________________________________

I'm not antisocial, I'm just not user friendly

"It's not a bug; it's an undocumented feature!" ~ some unknown Microsoft developer
Re: PHP Nine - Security Issues
March 05, 2013 05:05AM
Wow. Never thought of pasting code in text edit.
Really learned in this section.
I also found a PHP Security Guide site that might be helpful
http://phpsec.org/projects/guide/
Re: PHP Nine - Security Issues
March 07, 2013 09:50AM
Got this off the net about SQL injection. Hehehehehe!!!

Re: PHP Nine - Security Issues
March 12, 2013 06:03AM
Hi there, I am unable to duplicate the security risks mentioned in chapter 9:
Language: Javascript
<SCRIPT>alert("Scary Script!")</SCRIPT>

and

Language: HTML
<A HREF ="nastysite">A Nasty Site</A>

Both these are only displayed as static input once I click the submit button. I suppose that is a good thing in real life, but would like to duplicate security risks so that I know how to fix them if they ever occur. I am, however, unable to find out if it is a php/mysql setting or browser setting (I tried this in Firefox and IE) that is preventing this code from executing. Can anyone maybe suggest why this is so? I tried changing the Firefox and IE Settings/Internet options but none of these changes made a difference, although I didn't restart my computer, and know that is sometimes required.

Thanks!
Re: PHP Nine - Security Issues
March 12, 2013 06:20AM
Hi again,

Never mind, found out what the solution was, I just had to change the actual code in the example to duplicate the security issue.

Cheers
Re: PHP Nine - Security Issues
March 12, 2013 08:39AM
This section completed, but think I know very little, would like to know more. Thanks for URLs posted, will definitely take a look!
Re: PHP Nine - Security Issues
March 17, 2013 04:30PM
Have not started in security issues but hoping to get there soon
Re: PHP Nine - Security Issues
March 17, 2013 11:38PM
Security section done.
I would like to spend more time reading up on the referenced sites to get further information on security and risks.
Re: PHP Nine - Security Issues
March 18, 2013 11:33PM
Done on security section. Although this is basic when it comes to security, it is still straightforward and clear. And thank you guys for the links on further studies.
Re: PHP Nine - Security Issues
March 20, 2013 10:25AM
I think after making any website or any web application your client will ask, "is it safe and secure online?" I think this chapter was a good starting point. It was quite new to me, though I believe with the increase of hackers in this world we need to also up our game. I will definitely need to go deeper into security issues, though I think this was a good start...chapter done

..&ru..
Re: PHP Nine - Security Issues
March 20, 2013 10:53AM
done. very important chapter subject.
Re: PHP Nine - Security Issues
March 20, 2013 11:32PM
Cross-Site Scripting. I was not aware of this.
People can launch an attack on a site by inserting scripts into textboxes.
The htmlspecialchars() function is a nice function that can treat a hyperlink as plain text.
The strip_tags() function is amazing. It removes all HTML tags and just leaves the plain text behind.
PHP has really gone far with their security measures.
Re: PHP Nine - Security Issues
March 21, 2013 07:14PM
htmlspecialchars() and strip_tags() are both useful functions in the fight against cross-site scripting attacks, although using only these functions is probably not sufficient.
I do however wonder about the htmlentities() function. Language constructs are after all static and you can't just change them to German or any other language?

Different programming languages:
http://en.wikipedia.org/wiki/Non-English-based_programming_languages

Do other people code in other languages:
http://programmers.stackexchange.com/questions/1483/do-people-in-non-english-speaking-countries-code-in-english

In the last link there is someone who talks about a tokenized language called 4th Dimension, which means that the programming language itself can be changed to German, French etc.
Don't think html is tokenized though?
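
How htmlspecialchars() and strip_tags() behave on the two test strings quoted earlier in this thread, and why output also has to be handled per context, as an added example that is not part of any post or of the course material. The helper names e(), plainText() and safeHref() and the sample values are constructed for illustration.

```php
<?php
// Constructed inputs: the two strings from the chapter 9 question above,
// plus a value containing quotes and two link targets.
$comment = '<SCRIPT>alert("Scary Script!")</SCRIPT>';
$link    = '<A HREF ="nastysite">A Nasty Site</A>';
$name    = 'Tom "the coder" O\'Neil';

// HTML body or quoted-attribute context: encode & < > " and ' so the
// browser displays markup as text instead of interpreting it.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// strip_tags() removes the tags but keeps the text between them and does
// not encode quotes, so its result is still passed through e().
function plainText(string $s): string
{
    return e(strip_tags($s));
}

// href context: encoding cannot make a dangerous URL scheme safe, so only
// http and https targets are allowed; anything else becomes "#".
function safeHref(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e($url) : '#';
}

echo e($comment), "\n";                 // tags shown as visible text
echo plainText($comment), "\n";         // tags gone, inner text remains
echo plainText($link), "\n";            // only the link text is left
echo '<input value="', e($name), '">', "\n";
echo '<a href="', safeHref('javascript:void(0)'), '">rejected</a>', "\n";
echo '<a href="', safeHref('https://example.org/?a=1&b=2'), '">allowed</a>', "\n";
```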
Re: PHP Nine - Security Issues
March 23, 2013 12:11AM
Very short but important lesson.
First time ever that I saw this.

Time to secure my site.
Re: PHP Nine - Security Issues
April 02, 2013 11:12AM
WOW! This was quite a cool section! I really did not know about entering HTML code into text boxes and such, but I am glad I know how to protect my code! Will have to keep myself updated with all the security issues though, as coders will always have new ways to hack someone else's code! Very interesting this topic.
Re: PHP Nine - Security Issues
April 14, 2013 11:51AM
Done