PHP anti-injection notes (xfocus)
Jun 13, 2016 12:28 PM
There is nothing very deep here; this is just a simple discussion. (Unless stated otherwise, everything below assumes PHP + MySQL + Apache.) With attackers everywhere these days, keeping your PHP code, your application and your server secure is an important problem. I looked around for material on PHP security and there is not much, certainly far less than for ASP, so I decided to write something up to guard against the situations that can arise.
    Let's start with the security problems themselves. First, two articles:
http://www.xfocus.net/articles/200107/227.html
http://www.xfocus.net/articles/200107/228.html
    These are the xfocus (安全焦點) articles on PHP security; they give a fairly complete overview of the security issues in PHP.
    When writing PHP code, if you keep a few basic security issues in mind, the first point is:
1. Initialize your variables
    Why? Look at the following code:
if ($admin)
{
    echo 'Login successful!';
    include('admin.php');
}
else
{
    echo 'You are not an administrator and cannot manage the site!';
}
    This code looks like it runs fine. But what happens if I pass an unexpected parameter? Say the page is http://www.target.com/login.php and we request http://www.target.com/login.php?admin=1. With register_globals on, $admin is set to 1 straight from the query string, and we are an administrator with no password check at all.
    We may not make an error this obvious ourselves, but much subtler mistakes lead to the same problem. For example, the recently disclosed vulnerability in the phpwind 1.3.6 forum, which allowed an attacker to obtain administrator privileges directly, came down to an uninitialized $skin variable that caused a chain of later problems.
    How do we avoid this? The first step is php.ini: set register_globals = Off, so that request variables are no longer registered as globals, and the problem goes away. (register_globals has been off by default since PHP 4.2 and was removed entirely in PHP 5.4, but the habit of initializing every variable still matters.) If we are not the server administrator we can only fix it in code. So how do we improve the code above? We rewrite it as follows:
$admin = 0;      // initialize the variable
if (!empty($_POST['admin_user']) && !empty($_POST['admin_pass']))
{
    // code that checks whether the submitted admin username and password are correct
    // ...
    $admin = 1;
}
else
{
    $admin = 0;
}
if ($admin)
{
    echo 'Login successful!';
    include('admin.php');
}
else
{
    echo 'You are not an administrator and cannot manage the site!';
}
    Now requesting http://www.target.com/login.php?admin=1 no longer works, because we set $admin = 0 at the very start, so whatever the request put into $admin is overwritten and this hole can no longer be used to obtain administrator privileges.
2. Preventing SQL injection
    SQL injection is probably the most damaging class of attack on web applications today. It goes back to ASP and applies just as much to PHP, and it has been the popular technique in China for the last couple of years. The basic principle: submitted variables are passed into queries unfiltered, creating an injection point through which a malicious user can submit their own SQL, leading to sensitive data being stolen, data being lost or corrupted, or the admin backend being compromised.
I will not repeat the basics; these two articles explain them well:
http://www.4ngel.net/article/36.htm
http://www.4ngel.net/article/30.htm
    Now that we understand the basic injection techniques, how do we defend against them? This is where we have to start with the code.
    Data reaches a web application in two ways, GET and POST, and many common injections come in via GET. An injected payload necessarily contains SQL, since without SQL there is nothing to inject. SQL has four main statements: select, update, delete and insert. So if we filter the submitted data for these, can we avoid the problem?
    We build the following function with a regular expression:
/*
Function: inject_check()
Purpose: check whether a submitted value contains characters used in SQL injection, to protect the server
Parameter: $sql_str: the submitted variable
Returns: the check result, true or false
Author: heiyeluren
*/
function inject_check($sql_str)
{
    // eregi() was removed in PHP 7; preg_match() with the /i modifier is the equivalent.
    // The regex metacharacters (' * . /) are escaped so they are matched literally.
    return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str) === 1;    // filter
}
    The function rejects any value containing select, insert, update, delete, union, into, load_file, outfile, /*, ./, ../, ' and so on, so we can control the submitted parameter. Note that this is a keyword blacklist: it is a coarse first line of defence, and it will also reject legitimate text that happens to contain one of these words. The program can be structured like this:
if (inject_check($_GET['id'] ?? ''))
{
    exit('The data you submitted is invalid, please check and resubmit!');
}
else
{
    $id = $_GET['id'];
    echo 'The submitted data is valid, please continue!';
}
    Say we request http://www.target.com/a.php?id=1; the page prints:
    "The submitted data is valid, please continue!"
    If instead we request http://www.target.com/a.php?id=1' select * from tb_name
    we get: "The data you submitted is invalid, please check and resubmit!"
    That meets our requirement.
    But the problem is not fully solved. What if we request http://www.target.com/a.php?id=1asdfasdfasdf? That passes the rule above, but it is not a valid id. To handle the other cases we build another checking function:
/*
Function: verify_id()
Purpose: validate that a submitted ID-type value is legal
Parameter: $id: the submitted ID value
Returns: the processed ID
Author: heiyeluren
*/
function verify_id($id=null)
{
   if (!$id) { exit('No parameter submitted!'); }    // empty check
   elseif (inject_check($id)) { exit('The submitted parameter is invalid!'); }    // injection check
   elseif (!is_numeric($id)) { exit('The submitted parameter is invalid!'); }    // numeric check
   $id = intval($id);    // cast to integer
   return $id;
}
    Now we can validate properly, and the code above becomes:
if (inject_check($_GET['id'] ?? ''))
{
    exit('The data you submitted is invalid, please check and resubmit!');
}
else
{
    $id = verify_id($_GET['id']);    // our validation function is used here to filter $id
    echo 'The submitted data is valid, please continue!';
}
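The following is an added example, not code from the original article, showing the id check combined with a prepared statement so that the validated value never becomes part of the SQL text. It assumes PDO with the SQLite driver (pdo_sqlite); the articles table, its rows, the inputs and the function names verify_id_strict(), fetch_article() and fetch_article_unchecked() are this example's own.

```php
<?php
// Added example (not from the original article). The article validates $id and
// then uses it in a query; here the validated value is passed to the database
// as a bound parameter, and a second lookup binds the raw request string to
// show that the driver treats it as data even when the check is skipped.
// Uses an in-memory SQLite database so it runs offline.

declare(strict_types=1);

// Same intent as the article's verify_id(): accept only a positive integer id
// of at most 10 digits (\z rejects a trailing newline that $ would allow).
// Returns null instead of calling exit() so the caller decides how to fail.
function verify_id_strict(?string $id): ?int
{
    if ($id === null || !preg_match('/^[1-9][0-9]{0,9}\z/', $id)) {
        return null;
    }
    return (int) $id;
}

// Look up one article by its validated integer id.
function fetch_article(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Deliberately skips validation: the raw request string is bound as a
// parameter. The SQL text never changes, so a payload such as 1' OR '1'='1
// is compared against the id column as a literal string and matches nothing.
function fetch_article_unchecked(PDO $db, string $raw): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = ?');
    $stmt->execute([$raw]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed table and rows for the demo.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (title) VALUES ('first post'), ('second post')");

// Constructed inputs: a valid id, the article's 1asdfasdfasdf case, and a
// classic tautology payload.
foreach (['1', '1asdfasdfasdf', "1' OR '1'='1"] as $raw) {
    $id = verify_id_strict($raw);
    if ($id === null) {
        $checked = 'rejected before the query';
    } else {
        $row = fetch_article($db, $id);
        $checked = $row === null ? 'no such article' : $row['title'];
    }
    $row = fetch_article_unchecked($db, $raw);
    $unchecked = $row === null ? 'no row' : $row['title'];
    printf("%-16s validated: %-26s bound raw: %s\n", $raw, $checked, $unchecked);
}
```

Validation and parameter binding are two separate layers, and both are worth keeping: the bound parameter is what makes injection impossible, while the type check keeps garbage out of the query in the first place. That matters on MySQL, where comparing an integer column against a bound string such as '1asdfasdfasdf' is coerced to 1 (with a warning) rather than matching nothing as SQLite does.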
    This seems to settle things, but have we considered POST data, and large amounts of it?
    Some characters have special meaning to the database, for example '_' and '%', the LIKE wildcards; how do we control those? There is one more point: when magic_quotes_gpc = off in php.ini, submitted data that breaks the database's quoting rules is no longer automatically escaped with a backslash. To handle both problems we build the following function:
/*
Function: str_check()
Purpose: filter a submitted string
Parameter: $str: the string to process
Returns: the filtered string
Author: heiyeluren
*/
function str_check( $str )
{
   // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8,
   // so guard the call; escape quotes ourselves whenever magic quotes are not in effect
   if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())
   {
      $str = addslashes($str);    // escape ' " \ and NUL
   }
   $str = str_replace("_", "\_", $str);    // escape '_' so LIKE treats it literally
   $str = str_replace("%", "\%", $str);    // escape '%' so LIKE treats it literally
   return $str;
}
With that, quotes and the LIKE wildcards in string input are escaped before they reach the database. Note that addslashes() knows nothing about the connection's character set; the database driver's own escaping function, or better a bound parameter, is the reliable way to do this.
    Finally, consider large submissions such as forum posts, articles or news items. We need some functions to filter and convert them. Building on the function above, we construct the following (note that it applies SQL escaping and HTML encoding in one pass, so what gets stored is already HTML-encoded):
/*
Function: post_check()
Purpose: process submitted editor content
Parameter: $post: the content being submitted
Returns: $post: the filtered content
Author: heiyeluren
*/
function post_check($post)
{
   if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())    // magic_quotes_gpc not in effect
   {
      $post = addslashes($post);    // escape the submitted data ourselves when magic_quotes_gpc is off
   }
   $post = str_replace("_", "\_", $post);    // escape '_' so LIKE treats it literally
   $post = str_replace("%", "\%", $post);    // escape '%' so LIKE treats it literally
   $post = htmlspecialchars($post);    // encode HTML markup first ...
   $post = nl2br($post);    // ... then convert newlines, so the <br /> tags nl2br inserts are not themselves encoded
   return $post;
}
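An added example (not the article's code) of the '_' and '%' escaping in practice, with the term then passed as a bound parameter rather than spliced into the query. It assumes PDO with the pdo_sqlite driver; the articles table, its rows, the search terms and the helper names escape_like() and search_titles() are this example's own.

```php
<?php
// Added example (not from the original article): why '_' and '%' need
// escaping. The article prefixes them with a backslash for MySQL's LIKE; this
// version does the same, but passes the pattern as a bound parameter and names
// the escape character explicitly so it also works on SQLite, which has no
// default LIKE escape character. Runs offline on an in-memory SQLite database
// with constructed rows.

declare(strict_types=1);

// Escape a user-supplied search term so it is matched literally inside a LIKE
// pattern. The backslash is escaped first so that a backslash in the input
// cannot cancel the escapes added afterwards.
function escape_like(string $term): string
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
}

// Substring search over article titles. $escape controls whether the term is
// escaped, so the effect of the two wildcards can be compared on the same data.
function search_titles(PDO $db, string $term, bool $escape): array
{
    $pattern = '%' . ($escape ? escape_like($term) : $term) . '%';
    // ESCAPE '\' tells the database which character marks a literal wildcard;
    // the pattern itself travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare("SELECT title FROM articles WHERE title LIKE ? ESCAPE '\\' ORDER BY id");
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed table and rows: two pairs that differ only in a wildcard character.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (title) VALUES ('100% pure'), ('1000 pure'), ('user_name'), ('username')");

// Unescaped, '100%' also matches '1000 pure' (the % swallows '0 ') and
// 'user_' also matches 'username' (the _ matches 'n'); escaped, each term
// matches only the row that really contains it.
foreach (['100%', 'user_'] as $term) {
    printf("term %-8s unescaped: %s\n", $term, implode(', ', search_titles($db, $term, false)));
    printf("term %-8s escaped:   %s\n", $term, implode(', ', search_titles($db, $term, true)));
}
```

On MySQL the default LIKE escape character is already the backslash, so the article's "\_" and "\%" work without an ESCAPE clause there; naming it explicitly costs nothing and keeps the behaviour the same on other engines and under sql_mode settings such as NO_BACKSLASH_ESCAPES.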
    That covers the basic cases. I realise I have only talked about two aspects, which is a small part of the whole security picture; next time I plan to cover more, including PHP security configuration, Apache security and so on, so that security is treated as a whole and we get as close to secure as we can.
    To repeat the two points made above: 1. Initialize your variables. 2. Always remember to filter your variables.
