Hi there.
I'm looking to create a site in the near future that will have a login system. What I'd like to know is:
1.) What different types of attacks are there against websites besides brute force attacks (been reading this thread on brute force attacks: http://www.daniweb.com/forums/thread82966.html&highlight=login+security)
2.) Are there any links/suggestions to combat the attack mentioned by you or any user posting in this thread
SQL Injection is probably your biggest threat with logins since it's pretty simple to defeat brute force attacks with lockout.
addslashes() only goes so far, the same goes for magic_quotes_gpc
SQL Injection is probably your biggest threat with logins since it's pretty simple to defeat brute force attacks with lockout.
addslashes()only goes so far, the same goes formagic_quotes_gpc
Could you explain a bit more about SQL injection?
EDIT: I just found a link to SQL injection
If you have a query which you interact with the database such as
SELECT * FROM users WHERE username = 'blah' and password = 'blahblah'(I have a unhashed password for example purposes)
This would translate into PHP has
$query = "SELECT * FROM users where username = '".$_POST['username']."' AND password = '".$_POST['password']."'";Which is about as simple as it comes. But, what happens if you don't escape quotes?
Username: bob' OR 1=1 --
We now have the following query
SELECT * FROM users WHERE username = 'bob' OR 1=1 -- this is a commentWhich of course gives the user access no matter what.
If you have a query which you interact with the database such as
SELECT * FROM users WHERE username = 'blah' and password = 'blahblah'(I have a unhashed password for example purposes)
This would translate into PHP has$query = "SELECT * FROM users where username = '".$_POST['username']."' AND password = '".$_POST['password']."'";Which is about as simple as it comes. But, what happens if you don't escape quotes?
Username: bob' OR 1=1 --
We now have the following querySELECT * FROM users WHERE username = 'bob' OR 1=1 -- this is a commentWhich of course gives the user access no matter what.
I'm not sure i understand this completely.
If you had
$query = "SELECT * FROM users where username = '".$_POST['username']."' AND password = '".$_POST['password']."'";why not just have it without th inverted commas like this:
$query = "SELECT * FROM users where username = '$_POST['username']' AND password = '$_POST['password']'";The syntax is irrelevant, if you don't "clean" your inputs then injection will happen, it's an unfortunate inevitability.
The syntax is irrelevant, if you don't "clean" your inputs then injection will happen, it's an unfortunate inevitability.
Ok, so basically I want to get rid of any apostrophes or exclamation marks before executing my SQL query? And you say even that isn't fool proof?
This is from the link I posted earlier above (http://en.wikipedia.org/wiki/SQL_injection):
PreparedStatement prep = conn.prepareStatement("SELECT * FROM USERS WHERE PASSWORD=?");
prep.setString(1, pwd);The code(java) above apparently helps prevent SQL injection. Is there anything like this I could use in php?
There are a number of attacks beside sql injections,others are like cross scripting flaws,session theft.You can take a look at
http://www.sklar.com/page/article/owasp-top-ten
Also a good place you can learn more about php security is http://phpsec.org
awesome anthmaina....thanks for your post ;)
There are a number of attacks beside sql injections,others are like cross scripting flaws,session theft.You can take a look at
http://www.sklar.com/page/article/owasp-top-tenAlso a good place you can learn more about php security is http://phpsec.org
Thats a good link ! :)
1.) What different types of attacks are there against websites besides brute force attacks (been reading this thread on brute force attacks: http://www.daniweb.com/forums/thread82966.html&highlight=login+security)
You've also got to watch out for scripts that get uploaded to your server and give someone remote access to your file system, db, etc (like this shell script).
Basically, a hacker can write up a script like CPanel or DirectAdmin that gives them control of a lot of stuff - and add in functions that break passwords and what not to give them unlimited access.
An easy way for these things to end up on your server is if you allow users to upload files without taking some precautions. A couple things you could do to help prevent it are - limit uploads to certain file extensions (i.e. doc file extensions or image extensions) or tell Apache not to execute any php in the /uploads directory.
- Walkere
You've also got to watch out for scripts that get uploaded to your server and give someone remote access to your file system, db, etc (like this shell script).
Basically, a hacker can write up a script like CPanel or DirectAdmin that gives them control of a lot of stuff - and add in functions that break passwords and what not to give them unlimited access.
An easy way for these things to end up on your server is if you allow users to upload files without taking some precautions. A couple things you could do to help prevent it are - limit uploads to certain file extensions (i.e. doc file extensions or image extensions) or tell Apache not to execute any php in the /uploads directory.
- Walkere
I have an upload function that checks extensions to make sure they're only jpg, jpeg, gif or png. Is it possible for someone to upload a file such as "attackscript.exe.jpg" and have the script change the filename to "attackscript.exe"? A quick thought about it tells me no but in the world of programming a lot of things are possible.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.