
Totally lost with PHP security

Status
Not open for further replies.

titanzero

Programmer
May 3, 2007
30
EU
Hi everybody,

I am quite new to security. I've programmed PHP for some time now but have never needed any really robust security for my projects. However, I've undertaken a rather large project and now need some fancy security features.

I want a PHP script that can create PHP files on my web server. The creating script should only be executed by site admins. The script will then build another script which can then be executed by anyone who browses the site. Basically it's a script to make PHP webpages.

E.g.
admin/newPage.php < this script will create the HTML and PHP needed for the new page and then save it to the root of the website
page001.php < this is the new page created which will need to be executed by browsers of the site. The directory in which page001.php is located will need to be restricted except for the site admins who can execute admin/newPage.php

The problem is I have no idea how to implement the security for such an idea or if it's even possible.

I can control who can run the creating script quite easily. But how do I allow this script to write to the server without compromising security?

I honestly have no idea where to start my research. Can anyone point me in the direction of some info to get me started?

Does anyone know if what I am trying to do is even possible?

Thank you very much for your time
Andrew Wieland
 
It would certainly be possible, but it sounds like getting into dangerous territory: giving a 'world' user the ability to write PHP code? That's like opening up SQL injection on purpose.

I wouldn't recommend it, but instead suggest that you rethink the necessity of writing PHP files and see if you can come up with a different, less open-ended solution.

If you must go that direction, I'd start with the Authentication of users. This is a big subject in itself, but if you properly authenticate a user and disallow non-authenticated users from any and all pages, you will have much success with security.

Then, be sure to fully validate and lock down all form input. Default Deny is more reliable than Default Allow.

Another area to check is your server security. Is this a shared host or on a box all by itself? How can you guarantee the safety of your own box from hacking? If it's a shared box, then you have to be sure the cross-account authentication is adequate. There are fewer exploits nowadays, but they will always exist, so if you want to stay as secure as you can, it would have to be a single site on a single server.

Just some thoughts off the top of my head. I hope it helps!
 
I have done something similar.
What you need is (if possible to restrain page content):
you might even have a few page "templates".
Create your tpl using a content display by chunks,
something like {INTRO} etc...
The admin script copies that page into a predefined dir;
it could even write an ID number to the page so you may call the page by its ID.

each page could only be written where it allows content to be added

your job is only to verify user's input
and secure data written to DB
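The "template with chunks" idea above, worked through as an added example (this is not code from the thread or from any poster). The admin supplies only plain text for named chunks, the page skeleton comes from a fixed template, and the output file name is built from a validated integer ID. The directory path, the chunk names and the template text are assumptions for the example.

```php
<?php
// Added example, not code from the thread. Implements the "template with
// chunks" approach: admin input is plain text only, the template supplies all
// markup and PHP, and the file name is derived from a validated integer ID.
declare(strict_types=1);

// Assumed: the one directory the generator may write to (nothing else is writable).
const PAGES_DIR = __DIR__ . '/../pages';

// Chunk names the template exposes; anything else is rejected (default deny).
const ALLOWED_CHUNKS = ['TITLE', 'INTRO', 'BODY'];

// Constructed template for the example. On a real site it would be read from a
// file outside the web root; it is the only source of markup and PHP code.
const PAGE_TEMPLATE = <<<'TPL'
<?php /* generated by admin/newPage.php; do not edit by hand */ ?>
<!DOCTYPE html>
<html><head><meta charset="utf-8"><title>{TITLE}</title></head>
<body>
<p class="intro">{INTRO}</p>
<div class="body">{BODY}</div>
</body></html>
TPL;

/**
 * Validate the admin's form input. The id must be a small positive integer and
 * every chunk must be on the allow-list and be a string of bounded length.
 * Returns [int $id, array $chunks]; throws on anything unexpected.
 */
function validatePageInput(array $input): array
{
    if (!isset($input['id']) || !preg_match('/^[1-9][0-9]{0,5}$/', (string) $input['id'])) {
        throw new InvalidArgumentException('page id must be an integer from 1 to 999999');
    }
    $id = (int) $input['id'];

    $chunks = [];
    foreach ((array) ($input['chunks'] ?? []) as $name => $text) {
        if (!in_array($name, ALLOWED_CHUNKS, true)) {
            throw new InvalidArgumentException("unknown chunk: $name");
        }
        if (!is_string($text) || strlen($text) > 20000) {
            throw new InvalidArgumentException("chunk $name must be a string of at most 20000 bytes");
        }
        $chunks[$name] = $text;
    }
    foreach (ALLOWED_CHUNKS as $name) {
        $chunks[$name] ??= '';   // an omitted chunk renders empty instead of failing
    }
    return [$id, $chunks];
}

/**
 * Fill the template. Each {NAME} is replaced by the HTML-escaped chunk text in a
 * single pass (strtr), so text such as "<?php ... ?>" or "<script>" becomes
 * visible text and a chunk containing "{BODY}" cannot pull in another chunk.
 */
function renderPage(string $template, array $chunks): string
{
    $map = [];
    foreach ($chunks as $name => $text) {
        $map['{' . $name . '}'] = nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
    }
    return strtr($template, $map);
}

/**
 * Write pageNNN.php atomically into PAGES_DIR. The name is built from the
 * validated integer only, so request data never becomes part of a path.
 */
function writePage(int $id, string $html): string
{
    $path = PAGES_DIR . '/page' . sprintf('%03d', $id) . '.php';
    $tmp  = $path . '.tmp';
    if (file_put_contents($tmp, $html, LOCK_EX) === false || !rename($tmp, $path)) {
        @unlink($tmp);
        throw new RuntimeException("could not write $path");
    }
    return $path;
}

// Demo with constructed input when run from the command line. The web version
// sits behind the admin authentication check and reads $_POST instead.
if (PHP_SAPI === 'cli') {
    $form = ['id' => '1', 'chunks' => [
        'TITLE' => 'Hello',
        'INTRO' => '<?php echo "this stays text"; ?>',
        'BODY'  => "First line\nSecond line",
    ]];
    [$id, $chunks] = validatePageInput($form);
    echo renderPage(PAGE_TEMPLATE, $chunks);
    // writePage($id, renderPage(PAGE_TEMPLATE, $chunks));  // once PAGES_DIR exists and is writable
}
```

The point of the design is that nothing the admin types is ever interpreted as PHP: the generated file is a fixed skeleton plus escaped text, so a compromised admin account can deface a page but cannot run code on the server through it.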
 
there are a number of approaches to this.

and each approach has two parts to it:
1. how do you control access to the pages that allow file system writes; and
2. how do you prevent other pages from having write permissions.

the easiest one to implement is

1. secure the page that allows write access to the filesystem. this can be done with php forms-based authentication, or using a web server based alternative (htaccess, for example). couple either of these methods with ssl and you've got some fairly secure access control.

2. in general do not allow the apache user (or whatever permission the php script is running under) to have filesystem access. Then in the relevant script use a system call with sudo to do the actual writing. store the sudo u/name and pwd in an included file outside of the web root.

personally i'm a bit slack on both sides. i leave my scripts with write access below the web root and just make sure that my scripts don't have security holes in them that would allow unauthorised exploitation of the write access.

if allowing user access to scripting i would be very sure to make sure that either my users are trusted (oh yeah...) or that all user scripts are placed in a folder that has a whole bunch of php functions prohibited by a folder specific php.ini file.

another alternative might be to use sudoexec, but i have not fully thought this through.
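Point 1 above (forms-based authentication for the page that writes files, with credentials kept outside the web root), as an added example that is not code from the thread or from any poster. The credentials file path and the login URL are assumptions; the script assumes the site is served over HTTPS as the post recommends.

```php
<?php
// Added example, not code from the thread. A forms-based authentication gate
// for the scripts under admin/: credentials live outside the web root, the
// session cookie is locked down, and admin scripts refuse to run unless the
// request is over HTTPS and the session is authenticated (default deny).
declare(strict_types=1);

// Assumed: a PHP file outside the web root that returns ['user' => password_hash(...)].
const ADMIN_CREDENTIALS_FILE = '/etc/mysite/admins.php';

function loadAdmins(): array
{
    $admins = is_file(ADMIN_CREDENTIALS_FILE) ? include ADMIN_CREDENTIALS_FILE : [];
    return is_array($admins) ? $admins : [];
}

/** Check a user/password pair against stored hashes; unknown users still cost one hash. */
function verifyAdmin(array $admins, string $user, string $password): bool
{
    $hash = $admins[$user] ?? null;
    if ($hash === null) {
        password_hash($password, PASSWORD_DEFAULT);  // keep timing similar for unknown users
        return false;
    }
    return password_verify($password, $hash);
}

/** Start the session with cookie flags that keep it off plain HTTP and away from scripts. */
function startAdminSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'secure'   => true,      // never sent over plain HTTP
        'httponly' => true,      // not readable from JavaScript
        'samesite' => 'Strict',  // not sent on cross-site requests
        'path'     => '/admin/', // assumed admin directory
    ]);
    session_start();
}

/** Handle a login POST; returns true when the session is now authenticated. */
function loginAdmin(array $admins, array $post): bool
{
    startAdminSession();
    $user = (string) ($post['user'] ?? '');
    $pass = (string) ($post['password'] ?? '');
    if (!verifyAdmin($admins, $user, $pass)) {
        return false;
    }
    session_regenerate_id(true);  // fresh id after the privilege change
    $_SESSION['admin'] = $user;
    return true;
}

/** Call this first in every script under admin/; returns the admin user name. */
function requireAdmin(): string
{
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
        http_response_code(403);
        exit('admin pages are only served over HTTPS');
    }
    startAdminSession();
    if (empty($_SESSION['admin'])) {
        header('Location: /admin/login.php');  // assumed login URL
        exit;
    }
    return (string) $_SESSION['admin'];
}

// Demo with a constructed credential table when run from the command line.
if (PHP_SAPI === 'cli') {
    $admins = ['andrew' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
    var_dump(verifyAdmin($admins, 'andrew', 'correct horse battery staple'));
    var_dump(verifyAdmin($admins, 'andrew', 'wrong'));
    var_dump(verifyAdmin($admins, 'nobody', 'anything'));
}
```

The generator script then opens with `requireAdmin();` and does nothing else until that returns; because the credentials file is included from outside the document root, a misconfiguration that serves raw PHP source does not expose the password hashes.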
 
Hi again,

Thanks very much people. This has all been most helpful. I have plenty of ideas to explore now. Thanks again, it's much appreciated.

Andrew
 