Cheap Web Hosting for Developers

PHP, MySQL, Java, Unix Cheap Web Hosting

150 Chapter 4 Web Application Concepts Listing 4.4.

Filed under: Web Applications Development With PHP4.0 — webmaster @ 21:32

- mixed decrypt(string what, string my_user_id)
  Decrypts what with my_user_id as private key. Returns the decrypted text or false on error.
- mixed decrypt_conventional(string what, string passphrase)
  Decrypts what with traditional decryption, using passphrase as the secret key. Returns the decrypted text or false on error.

The MCrypt Functions

With the MCrypt library, many block algorithms are available, including DES, TripleDES, Blowfish, and IDEA. Space doesn't allow for explaining all these algorithms here, or giving recommendations on how to choose one for a specific scenario; this is covered in detail by many in-depth books and online articles, some of which you can find listed in the Resources section of the CD-ROM.

Unfortunately, another library means another API style, and as indicated in Chapter 1, Development Concepts, we think this is bad style. Why does mcrypt_cbc() take an argument defining whether to encrypt or decrypt data? Wouldn't it be more logical and consistent to have two functions, mcrypt_encrypt_cbc() and mcrypt_decrypt_cbc()? There's no session_var() taking REGISTER or UNREGISTER as argument, is there?

Well, let's stop complaining. After all, we could simply edit the source for the MCrypt interface and define these additional functions; that's the advantage of Open Source software. So back to the topic. The example in Listing 4.5 shows the MCrypt functions in use. The example loops through an array containing all possible MCrypt algorithms and encrypts a message with each algorithm.

Listing 4.5 MCrypt routines.

    // Set up an array of algorithms generally supported by MCrypt
    $algorithms = array(
        MCRYPT_BLOWFISH,
        MCRYPT_DES,
        MCRYPT_TripleDES,
        MCRYPT_ThreeWAY,
        MCRYPT_GOST,
        MCRYPT_CRYPT,
        MCRYPT_DES_COMPAT,
        MCRYPT_SAFER64,
        MCRYPT_SAFER128,
        MCRYPT_CAST128,
        MCRYPT_TEAN,
        MCRYPT_RC2,
        MCRYPT_TWOFISH,
        MCRYPT_TWOFISH128,
        MCRYPT_TWOFISH192,
        MCRYPT_TWOFISH256,
        MCRYPT_RC6,
        MCRYPT_IDEA
    );


150 Chapter 4 Web Application Concepts Listing 4.4.

Filed under: PHP Web Hosting — webmaster @ 21:32

Listing 4.4. Continued

            return(false);
        }
        $contents = fread($fp, filesize($temp_file));
        fclose($fp);
        // Delete the temporary file
        unlink($temp_file);
        // Return the encrypted contents
        return($contents);
    }

    // Encrypt $file for $to_user_id, using $my_user_id's key
    function encrypt($file, $my_user_id, $to_user_id) {
        $file = $this->_check_file($file);
        $ret = $this->_exec_pgp_command("-e -u $my_user_id -a $file " . $to_user_id);
        return($ret);
    }

    // Sign $file with $my_user_id's private key
    function sign($file, $my_user_id) {
        $file = $this->_check_file($file);
        $ret = $this->_exec_pgp_command("-s -a -u $my_user_id $file");
        return($ret);
    }

    // Sign $file, then encrypt it for $to_user_id
    function encrypt_sign($file, $my_user_id, $to_user_id) {
        $file = $this->_check_file($file);
        $ret = $this->_exec_pgp_command("-es -a -u $my_user_id $file " . $to_user_id);
        return($ret);
    }

    // Conventional (passphrase-only) encryption
    function encrypt_conventional($file, $passphrase) {
        $file = $this->_check_file($file);
        $ret = $this->_exec_pgp_command("-c -a -z $passphrase $file");
        return($ret);
    }

    function decrypt($file, $my_user_id) {
        $file = $this->_check_file($file);
        $ret = $this->_exec_pgp_command("-c $file -u $my_user_id");


150 Chapter 4 Web Application Concepts Listing 4.4.

Filed under: PHP Web Hosting — webmaster @ 21:32

        return($ret);
    }

    function decrypt_conventional($file, $passphrase) {
        $file = $this->_check_file($file);
        $ret = $this->_exec_pgp_command("-z $passphrase $file");
        return($ret);
    }
}

Because the pgp class is only calling your system's PGP binary with the appropriate arguments, you need a correctly configured PGP system. Specifically, your private key must be set up correctly and all public keys for which you want to encrypt need to be in your local key ring. The public key must be a trusted key, or PGP will ask if it's okay to encrypt for that user, and the class will fail.

All functions work with either a file or a string. If you pass a string, it will be saved to $tmp_path as a temporary file because PGP works only with files.

Warning: On a multiuser system, anyone may be able to read this file! The use of this class on a non-trusted system (meaning that untrusted users are allowed to access it) should be carefully evaluated.

The class has six public functions, and two others are used internally. These functions return false if an error occurs; in that case, you can access a verbose error message from $pgp->error.

- void pgp()
  The constructor of the class checks whether the PGP binary is accessible. Returns true on success or false on error.
- mixed encrypt(string what, string my_user_id, string to_user_id)
  PGP-encrypts the argument what, which may be a filename or a string, with the private key of my_user_id for the public key to_user_id. Returns the encrypted text or false on error.
- mixed sign(string what, string my_user_id)
  Signs the argument what with my_user_id's private key. Returns the signed text or false on error.
- mixed encrypt_sign(string what, string my_user_id, string to_user_id)
  Signs what with my_user_id's private key, then encrypts it for to_user_id's public key. Returns the signed and encrypted text or false on error.
- mixed encrypt_conventional(string what, string passphrase)
  Encrypts what with conventional encryption only, using passphrase as the secret key. Returns the encrypted text or false on error.
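The temporary-file warning above, and the passphrase and user ids that the class places on a shell command line, can both be avoided by talking to the binary over pipes. The following is an added example, not code from the book: it swaps in GnuPG (assumed to be version 2.1 or later at /usr/bin/gpg) for PGP 6.5.1, requires PHP 7.4 or later, and run_gpg(), encrypt_for() and the demo values are names chosen for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Run GnuPG without a shell and without temporary files.
 * $args   : gpg options as separate argv entries
 * $stdin  : data to process (keep it small; the output pipes are drained only after writing)
 * $secret : optional passphrase, delivered on file descriptor 3
 * Returns the armored output, or null on failure with the message in $error.
 */
function run_gpg(array $args, string $stdin, ?string $secret, ?string &$error,
                 string $gpgBin = '/usr/bin/gpg'): ?string
{
    $error = null;
    if (!is_executable($gpgBin)) {
        $error = "GnuPG binary $gpgBin is not executable";
        return null;
    }
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $argv = [$gpgBin, '--batch', '--no-tty', '--armor'];
    if ($secret !== null) {
        $spec[3] = ['pipe', 'r'];
        // GnuPG 2.1+ needs loopback pinentry to accept a passphrase from a descriptor
        array_push($argv, '--pinentry-mode', 'loopback', '--passphrase-fd', '3');
    }
    // Array form of proc_open() executes the binary directly: no shell parses the
    // arguments, so ";" or "|" inside a user id stays plain data.
    $proc = proc_open(array_merge($argv, $args), $spec, $pipes);
    if (!is_resource($proc)) {
        $error = 'Could not start GnuPG';
        return null;
    }
    if ($secret !== null) {
        // The passphrase travels over a private pipe, not through argv or a file
        fwrite($pipes[3], $secret . "\n");
        fclose($pipes[3]);
    }
    fwrite($pipes[0], $stdin);
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        $error = trim((string) $err);
        return null;
    }
    return (string) $out;
}

/** Public-key encryption for $toUserId; the key must already be in the key ring and trusted. */
function encrypt_for(string $what, string $toUserId, ?string &$error = null): ?string
{
    return run_gpg(['--encrypt', '--recipient', $toUserId], $what, null, $error);
}

/** Conventional (symmetric) encryption with a passphrase that never appears in argv. */
function encrypt_conventional(string $what, string $passphrase, ?string &$error = null): ?string
{
    return run_gpg(['--symmetric'], $what, $passphrase, $error);
}

// Constructed demo values
$armored = encrypt_conventional("order #1: 2 books\n", 'constructed demo passphrase', $error);
echo $armored ?? "GnuPG failed: $error\n";
```

Because --batch is set, an untrusted recipient key makes encrypt_for() fail with a message in $error instead of waiting on a prompt.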


Security Considerations 147 There are two types of

Filed under: Web Applications Development With PHP4.0 — webmaster @ 13:30

            $this->error = "PGP binary file ".$this->pgp_bin." is not executable.\n";
            return(false);
        }
        return(true);
    }

    function _check_file($file) {
        if(!file_exists($file)) {
            // Create a temporary filename in the path specified as class variable
            $temp_file = tempnam($this->tmp_path, "PGP").".asc";
            // Gently touch the file
            touch($temp_file);
            // Open the newly created file, write the string passed as argument $file to it
            $fp = fopen($temp_file, "w");
            if (!$fp) {
                $this->error = "Could not open temporary file $temp_file for writing in _check_file().\n";
                return(false);
            }
            fputs($fp, $file);
            fclose($fp);
            // Assign the temporary filename to $file
            $file = $temp_file;
        }
        return($file);
    }

    function _exec_pgp_command($args) {
        // Create a temporary filename in the path specified as class variable
        $temp_file = tempnam($this->tmp_path, "PGP").".asc";
        // Execute the PGP command
        // $args reaches the shell as-is, so callers must only supply trusted, shell-safe values
        $command = $this->pgp_bin." -o $temp_file $args";
        exec($command);
        // Open the temporary file created by PGP and read it into $contents
        $fp = fopen($temp_file, "r");
        if (!$fp) {
            $this->error = "Could not open temporary file $temp_file for reading in _exec_pgp_command().\n";

continues


Security Considerations 147 There are two types of

Filed under: PHP Web Hosting — webmaster @ 13:30

Another advantage is that public-key systems can provide digital signatures, in which a user signs his message with his private key. Secret-key cryptography, on the other hand, would require a central database with copies of all secret keys of a system to allow digital signatures; Kerberos uses this method, for example. Of course, a central point with critical data is always a source of risk.

A potential disadvantage is performance; many secret-key algorithms are significantly faster than public-key systems.

Public-key cryptography isn't meant to replace secret-key cryptography; in some situations, public-key cryptography is unnecessary and secret-key cryptography alone is sufficient. When storing data on the server, for example, you'll probably use single-key cryptography. Because there are no distinct users in this scenario and the system knows the key for encrypting and decrypting, there's not much advantage to having a public and a private key. To transfer data to a remote system, on the other hand (for example, when sending orders from an online shop via email), public-key cryptography is preferred, as sender and recipient are two different users, communicating over an insecure channel.

The Standard in Encryption: Pretty Good Privacy (PGP)

Unfortunately, PHP doesn't yet include support for Pretty Good Privacy (PGP). As there are some Open Source alternatives readily available (for example, Gnu Privacy Guard (www.gnupg.org)), we're sure that this is only a matter of time. Meanwhile, we've developed the basic class shown in Listing 4.4 to interface a command-line version of PGP. This class allows you to encrypt, decrypt, and sign files or strings with PGP 6.5.1.

Listing 4.4 PHP interface to PGP 6.5.1.

class pgp {
    var $pgp_bin = "/usr/bin/pgp";  // Path to PGP binary
    var $tmp_path = "/tmp";         // Path where temporary files are stored
    var $error;                     // Used to store the last error message

    function pgp() {
        // Check if the PGP binary exists
        if(!file_exists($this->pgp_bin)) {
            $this->error = "PGP binary file ".$this->pgp_bin." does not exist.\n";
            return(false);
        }
        // Check if the PGP binary is actually executable
        if(!is_executable($this->pgp_bin)) {


Security Considerations 147 There are two types of

Filed under: Web Applications Development With PHP4.0 — webmaster @ 13:30

There are two types of encryption: symmetric encryption and public-key encryption.

Symmetric Encryption

Symmetric encryption, also referred to as secret-key encryption, uses the same key for encryption and decryption of data. Data Encryption Standard (DES) is a common example of this method. DES is a complex algorithm developed by IBM in the 1970s and approved by the U.S. Bureau of Standards in 1976. While it's relatively easy to crack this 56-bit algorithm (the DES Challenge III, a cracking effort sponsored by RSA Data Security, lasted for only 22 hours until the encrypted message was deciphered), it can still be used to encrypt non-critical data. Some data just needs to be hidden from normal system users and not be encrypted in a cryptographically secure way; it's a matter of cost versus benefit.

Using symmetric encryption, both sender and receiver of an encrypted message have to know the secret key phrase (the password). If only two people are involved in the exchange of messages, this is no problem. But consider a system with 100 subscribers, any of whom should be able to communicate in secret with the others. If the system used a single key phrase, user Joe couldn't verify in a secure manner that a message had been sent by user Jane. To allow this, every user would need to have a distinct key phrase and every user would need to know all the other users' key phrases. Ninety-nine key phrases from others to manage, let alone remember; that doesn't sound like fun at all.

The main problems of secret-key cryptography are that the number of key phrases increases with the number of users in the system, and that each user must keep as many keys as there are users.

Public-Key Encryption

Consider the 100-user system just discussed in the preceding section. Instead of requiring 99 other users to know his secret key, Joe makes a key publicly available and maintains one private, secret key. Any of the 99 other users could now use the public key to encrypt a message and send it to Joe, and only Joe could decrypt it with his private key. There is an obvious flaw in this system: We've lost authentication. Joe won't know who sent him the message because any user could have encrypted it. The sender of a message therefore needs to sign it with his private key so that the recipient can check it against the sender's public key to guarantee authenticity and integrity of the data. This system is called public-key cryptography, and the two most well-known algorithms for it are Diffie-Hellman and RSA (RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem).

The main advantage of public-key over secret-key cryptography is the increased level of security and convenience. Private keys need never be transmitted to another party; by contrast, secret-key cryptography requires the exchange of the secret key over a communications channel, raising the possibility for an attacker to discover the key by eavesdropping during transmission.


144 Chapter 4 Web Application Concepts Bringing data

Filed under: Web Applications Development With PHP4.0 — webmaster @ 05:18

the PHP configuration, you can access an associative array for each namespace. The following table shows the available arrays:

    Array Name            Contents
    $HTTP_GET_VARS        Variables from a GET request
    $HTTP_POST_VARS       Variables from a POST request
    $HTTP_COOKIE_VARS     Variables from cookies
    $HTTP_ENV_VARS        Environment variables, for example $SHELL
    $HTTP_SESSION_VARS    Session variables
    $HTTP_SERVER_VARS     Server variables, on our box $argc and $argv

Note that PHP 3.0 knows only the first three arrays. Some clever project managers are known to set the PHP configuration directive register_globals (available only in PHP 4.0) to false, to force their programmers to use the $HTTP_*_VARS arrays.

You can also influence the order in which variables are added to the global namespace. By default, the variables_order configuration directive is set to EGPCB. This tells PHP to introduce variables in this order:

1. Environment variables
2. GET
3. POST
4. Cookies
5. Built-in variables (server variables)

This means that if the user passes a PATH variable in the GET request, he or she would overwrite the environment variable; newer values override previous values. By using getenv() or by changing the variables_order directive, you can make sure that you actually access environment variables and not user-supplied variables. Session variables always overwrite variables coming from any other space; because they're coming from an already secured trust zone, this avoids a lot of security problems.

Don't Reinvent Cryptography

Cryptography is the science of using mathematics to encrypt and decrypt data. It enables you to store sensitive information or transmit it across insecure communication channels so that it can't be read by anyone except the intended recipient. Data encryption is a science of its own; don't even try to invent your own encryption algorithms. Use established algorithms such as RC5 or Blowfish.

Encrypting with MCrypt Functions

If you compiled PHP with the mcrypt module, a wide variety of powerful encryption and decryption algorithms are at your disposal. The later section The MCrypt Functions shows how to use this module and how to find out which algorithms are supported on your system.


144 Chapter 4 Web Application Concepts Bringing data

Filed under: PHP Web Hosting — webmaster @ 05:18

the cookie information and send it to the attacker's Web site, where he or she waits for incoming session IDs, takes over the other users' sessions, and buys some nice gifts for the folks at phpWizard.net.

While we're good at making up stories, this could have really happened: Amazon's product search engine didn't properly encode tags until two days after a related security advisory from the CERT was released, which can be found at www.cert.org/advisories/CA-2000-02.html.

Even if you keep all this advice in mind and check all user-supplied variables, it's very easy to make the wrong checks. For some applications, for example, it's desirable to allow certain HTML tags in data. One of these tags is the <p> tag, which allows formatting text in paragraphs. It can take an align attribute, which specifies the paragraph's alignment. To match this opening tag, on a first try you could use the regular expression ]>. But many browsers support general scripting behavior on a wide series of tags; a user could submit any JavaScript embedded in the onClick or onMouseOver event of the <p> tag and execute malicious code again.

The first step is to understand that all these threats taken together result in a very ugly picture. You have to be really careful if you want to avoid all traps. This is also the main reason we recommend having dedicated security consultants in an application-development team.

Some very general hints and guidelines to minimize these risks:

- Use sessions instead of passing data from page to page on the client.
- Validate all data from user space; this may include encoding or replacing the less-than sign (<), the greater-than sign (>), and the ampersand (&), and paying special attention to double quotes ("), single quotes ('), and whitespace, at least in tag attributes and attribute values.
- Make sure that your application operates in a trusted environment.
- Pay special attention to PHP's variable order (see the next section).

PHP's Variable Order

You know that PHP automatically makes available all GET and POST variables in the global namespace. Did you know that you can turn off this feature in PHP 4.0? Although the automatic introduction of all variables is one of the features that make PHP so easy for novice users, it can be problematic in larger and more complex applications. If you access user-passed variables from the global namespace, you can't be sure where they really come from: Is it GET, POST, or cookies? If you don't care about variable order, you accept that any user can call your script using either GET or POST. If not a security issue, this is at least bad style; you should be able to choose how the data is delivered to your application.

Of course, PHP provides a method to access variables from a specific namespace: If track_vars is enabled in
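Returning to the validation guideline and the paragraph-tag case in this excerpt, the following added example (not code from the book) encodes all user data first and then re-enables only a paragraph tag with an allowlisted align value, so event-handler attributes never survive. The function names and sample inputs are constructed for illustration, and the code targets current PHP rather than PHP 4.0.

```php
<?php
declare(strict_types=1);

/** Encode text for HTML element content and quoted attribute values. */
function html_encode(string $text): string
{
    // ENT_QUOTES encodes both " and ' in addition to <, > and &
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Allow only <p>, <p align="left|right|center|justify"> and </p>.
 * Everything is encoded first; only tags matching the exact allowlisted shape
 * are rebuilt as markup, so anything else stays inert text.
 */
function allow_paragraphs(string $input): string
{
    $encoded = html_encode($input);
    // After encoding, an allowed opening tag looks like: &lt;p align=&quot;center&quot;&gt;
    $quote = '(?:&quot;|&#0?39;)?';
    $open  = '/&lt;p(?:\s+align=' . $quote . '(left|right|center|justify)' . $quote . ')?\s*&gt;/i';
    $encoded = preg_replace_callback($open, function (array $m): string {
        // The tag is rebuilt from the validated value, never copied from the input
        return isset($m[1]) && $m[1] !== ''
            ? '<p align="' . strtolower($m[1]) . '">'
            : '<p>';
    }, $encoded) ?? $encoded;
    return preg_replace('/&lt;\/p\s*&gt;/i', '</p>', $encoded) ?? $encoded;
}

// Constructed sample inputs
$samples = [
    '<p align="center">Hello & welcome</p>',                    // allowed
    '<p align="center" onMouseOver="doSomething()">hover</p>',  // extra attribute: stays encoded
    '<P ALIGN=right>ok</P>',                                    // allowed, normalized
    '<script>doSomething()</script>',                           // stays encoded
];
foreach ($samples as $s) {
    echo allow_paragraphs($s), "\n";
}

// Attribute context: quotes must be encoded or the value could close the attribute
$q = 'php" onfocus="doSomething()';
echo '<input name="q" value="' . html_encode($q) . '">', "\n";
```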


144 Chapter 4 Web Application Concepts Bringing data

Filed under: Web Applications Development With PHP4.0 — webmaster @ 05:18

Bringing data from a lower security level to a higher level (as when importing user variables) requires more care. You can't assume that the supplied data meets any requirements, not even if you supplied the data to the client in the first place. For example, you could check data in an HTML form with JavaScript on the client side, but you can't assume on the server that the data is in the format you expect because the user could have turned off JavaScript, or could have submitted the form from a Telnet prompt.

Another common error is supplying data to the user and taking it for granted that it doesn't get changed. For example, a page might display account information for a user, called after the user has logged in with a query string like script.php3?user_id=1. Of course, nothing prevents the user from changing the variable user_id to something other than 1 and editing anyone's data.

Many Web applications today check contents provided by one user for another user. For example, it will be hard to find a message board allowing you to enter as a keyword, and would actually get a JavaScript pop-up message in the browser (if JavaScript is enabled). As long as users enter the search terms themselves, this isn't much of a problem; the worst case would be that they crash their own browsers with malicious JavaScript.

But wait. Why shouldn't users point others to the results for a certain search they find useful? For example, on phpWizard.net you can find a form that automatically searches Amazon for all PHP-related books. Now the issue gets hairy. An attacker can have a link to search results for the term on his or her public Web site. All users who follow this link (or submit the search form) will get the infamous Hello World message as a pop-up message in their browsers. You can do a lot more dangerous things than displaying messages, though.

If we extend the example a little bit, we can use phpVista as a search engine in an e-commerce Web site, which uses proper session management and stores the session ID in cookies. If we also increase our attacker's IQ, he or she drops the Hello World pop-up and uses another JavaScript instead to read


Security Considerations 141 Security has to be taken

Filed under: PHP Web Hosting — webmaster @ 00:29

While he confirmed our assumption that the script should be placed in a trusted environment, it shows some techniques that would make it a dangerous security leak if naive users placed it into a publicly accessible directory. For a start, invoke it with Directory_Viewer.php3?dir=/etc. Nice, isn't it? You can browse any directory on the system from which PHP is allowed. But that's not enough: You can execute any command using that little script and easily gain root access to the server hosting it. The key section is this line:

    exec("ls -la $dir", $lines, $rc);

The variable $dir, provided by the user, is passed directly to exec(). As you may know, you can concatenate shell commands with ; so what do you think will happen when $dir is equal to "/etc; cat /etc/passwd"? If you want to pass this as an argument, you'd need to URL-encode the string, of course, so the script would be called like this:

    Directory_Viewer.php3?dir=/etc%3B+cat+%2Fetc%2Fpasswd

And yes, it would display the contents of /etc/passwd. Instead of the cat command, you could execute any other command, for example fetch, to get and install a Trojan horse from your own server.

The remedy for this specific problem is to pass the $dir variable through EscapeShellCmd(), thus masking all critical characters that could be used to trick the shell to execute concatenated commands. Also, it may be a good idea to restrict it to list only subdirectories:

    $secure_dir = str_replace(".", "", $dir);
    $secure_dir = $DOCUMENT_ROOT.dirname($PHP_SELF)."/$secure_dir";
    $secure_dir = EscapeShellCmd($secure_dir);

The principle remains: Never trust variables provided by users. Of course, this is valid for all scripting languages, not just PHP. The same hole is present in ASP using the FileSystem object, or in Perl when executing user-defined commands.

Tainted Variables

We must stress this: All data coming from the user space is to be treated as tainted, untrustworthy, contaminated, potentially evil. The Internet is outside the application space in this case; in trust management, this is called a trust boundary. The application space is a trusted environment; the Internet is not.

Passing data from your program to the client doesn't need much special attention (given that it gets its data from trusted systems; for example, the database system must be on an equal trust level with the application itself). The only instance in which you have to take special precautions is when you want to guarantee that data is received only by one specific client, or that the client can be sure to retrieve the data from a specific instance (your server). With a normal HTTP transfer, these guarantees can't be enforced; you're advised to use SSL or an equivalent encryption layer in such a case.
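The directory-listing problem discussed in this excerpt, as an added example that is not code from the book or from the Directory_Viewer script: the user-supplied directory is canonicalized and confined to a base directory, then passed to the shell as a single quoted argument. It uses realpath() and escapeshellarg() rather than the EscapeShellCmd() call shown above; the function names, the demo directory and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Pattern from the text, shown only for comparison (user input reaches the shell unchanged):
//   exec("ls -la $dir", $lines, $rc);

/**
 * Resolve a user-supplied relative directory below $baseDir.
 * Returns the canonical absolute path, or null if the request is rejected.
 */
function resolve_listing_dir(string $baseDir, string $userDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", symlinks and duplicate slashes, and fails for missing paths
    $target = realpath($base . DIRECTORY_SEPARATOR . $userDir);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Containment check: the canonical path must be the base itself or lie below it
    if ($target !== $base && strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

/** Returns the listing lines, or null when the request is rejected or ls fails. */
function list_directory(string $baseDir, string $userDir): ?array
{
    $target = resolve_listing_dir($baseDir, $userDir);
    if ($target === null) {
        return null;
    }
    // escapeshellarg() quotes the whole value as ONE argument; "--" ends option parsing
    $command = 'ls -la -- ' . escapeshellarg($target);
    exec($command, $lines, $rc);
    return $rc === 0 ? $lines : null;
}

// Constructed demo: a throwaway base directory with one subdirectory
$base = sys_get_temp_dir() . '/listing_demo_' . getmypid();
mkdir($base . '/docs', 0700, true);

$inputs = [
    'docs',                     // legitimate subdirectory
    '../../etc',                // climbs out of the base directory
    '/etc; cat /etc/passwd',    // the concatenated-command input from the text
    '-R docs',                  // tries to smuggle an option to ls
];
foreach ($inputs as $in) {
    $result = list_directory($base, $in);
    printf("%-26s => %s\n", var_export($in, true), $result === null ? 'rejected' : 'listed');
}

rmdir($base . '/docs');
rmdir($base);
```

Only the first input is listed; the other three are rejected by the path check before any command line is built.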
