
Thread: get security

  1. #1
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    238

    get security

    Hello

    I was told this query was not secure. If so, how can I make it secure, or is there an alternative?

    PHP Code:
    // escape the raw GET value for use inside a quoted SQL string literal
    $get = mysql_real_escape_string($_GET['id']);
    $sql = "SELECT * FROM profile WHERE username = '$get'";

    Basically what it does is if a user goes to:
    example.com/profile.php?id=john

    it will select john's profile. I was told the GET request could be manipulated to anything.

  2. #2
    SitePoint Wizard Cups
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Well, from what you have shown us if I enter

    example.com/profile.php?id=admin

    and you have a matching profile, then yes, it would be a security hazard.

    Generally you ask for two pieces of information, a username and a password.

    So that you end up doing something which essentially equates to:
    PHP Code:
    $username = mysql_real_escape_string($_GET['username']); // as you have done
    // get the password, encrypt it with the same method you used before you stored it in the db
    // (encrypt_password() stands for whatever one-way method you used; it is not a built-in)
    $encrypted_password = mysql_real_escape_string(encrypt_password($_POST['password']));

    $sql = "SELECT * FROM profile WHERE username = '$username' AND password = '$encrypted_password'";

    The encrypted password should be so encrypted that it is impossible to retrieve it in its plain text form, even for you.

    Sometimes that username can be elicited from a cookie. The amount of security you apply may well depend on how much damage losing an account will cause you or the user.

    If it is to retrieve some settings like your preferred background color, then you'd handle it differently to giving access to personal information.

  3. #3
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    238
    Hi, sorry for the misunderstanding. This isn't for user authentication. It is a public profile page.

    e.g. example.com/profile.php?id=john
    This would request data from john's table.

    However I want to know if it would be a security risk. Could people manipulate the GET request?

  4. #4
    SitePoint Wizard Cups
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    If the worst that could happen is that someone gets the wrong background color, say, then why worry?

    Anyone can spoof any variable coming to you from the internet, GET, POST, COOKIE no matter.

    If you are correctly escaping the data, as you seem to be -- then nothing bad in the way of an SQL injection attack -- but then again we don't know if you do something else with your $get variable.

    Do not echo your $get variable onto the screen without also escaping it for html.

    Use the likes of htmlentities and that family of escaping methods.

  5. #5
    Non-Member Max Height
    Join Date
    Dec 2011
    Posts
    303
    Quote Originally Posted by Jaynesh:
        e.g. example.com/profile.php?id=john
        This would request data from john's table.

        However I want to know if it would be a security risk. Could people manipulate the GET request?

    The short answer is a definite YES.

    Just like you typed a url for your post, I or anyone else could also type your url and attach whatever name/value pair we like to it.

    And whether it is a GET or POST transmission to your server side script, it is still a security risk because people can still send whatever data they like as a POST as well to a server side script.

    So if data security is an issue, your server side script MUST validate and sanitise user-inputted data sent to it before using the sent data.
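    As an added example (not code from the thread or any poster), here is the profile.php lookup written the way the replies suggest: the id is validated before it is used, the query runs as a PDO prepared statement instead of through mysql_real_escape_string(), and every value echoed is escaped for HTML. The `bio` column, the PDO connection details and the pattern for a valid profile name are assumptions; only the `profile` table and `username` column come from the thread.

```php
<?php
// Added example: hardened profile.php. Assumes a PDO connection and a
// `profile` table with `username` and `bio` columns (bio and the
// connection details are assumptions, not from the thread).

// 1. Validate (Max Height's point): a profile name is a short token.
//    Anything else is rejected up front instead of escaped and passed on.
function valid_profile_id(string $id): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_]{1,32}$/', $id);
}

// 2. Prepared statement: the value travels separately from the SQL text,
//    so it cannot alter the query's structure. This replaces the
//    mysql_real_escape_string() approach in the original post.
function fetch_profile(PDO $db, string $id): ?array
{
    $stmt = $db->prepare('SELECT username, bio FROM profile WHERE username = :username');
    $stmt->execute([':username' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. Escape for HTML on output (Cups's point): SQL escaping does nothing
//    for the browser, so each value is escaped for the context it lands in.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$id = $_GET['id'] ?? '';
if (!valid_profile_id($id)) {
    http_response_code(400);
    exit('Invalid profile id.');
}

// Placeholder credentials; real ones belong in config outside the web root.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'secret', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

$profile = fetch_profile($db, $id);
if ($profile === null) {
    http_response_code(404);
    exit('No such profile.');
}

echo '<h1>' . h($profile['username']) . '</h1>';
echo '<p>' . h($profile['bio']) . '</p>';
```

    A request such as profile.php?id=john still works unchanged; anything that is not a plain profile name is answered with a 400 before the database is touched.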
