Security, Late Nights and Overall Paranoia

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm currently trying to develop a simple CMS system for folks to use on their web sites. Thanks to all the great people on this list I've learned a lot about securing php, especially
along the lines of never trust anything you get from the user.

So far I've been able to verify, allow, deny data that comes from the user, but I've run into a problem. I want the templates used on the site to be editable through the web interface. I know a lot of the forum/CMS software out there allows this, but it's an area where I have to implicitly "trust" the data coming in to be "good". While I can run mysql_real_escape_string() on the incoming data to help guard against sql injection attacks, I can't do any strip_tags() or htmlentities() to guard against html injection. I've set the permissions up so that only one "super administrator" account will have access to this area. And overall the users who have access to the CMS are going to be only from the organization who owns the site, ie. it's not
"open to the public" in any way.

My concern though is that "bad guys" from outside the organization will be able to "attack" the CMS application portion at this point to deface or otherwise inject malicious html into the web site. I've got a "session" management part that controls access through a md5(random #) "session id"/cookie that is changed on each page load, and the forms all have another hidden md5(random #) value that is checked on form submission, and I'm requiring an SSL connection for all transactions. I"m also checking the ip and user agent, although I know the pros/cons of that too, I'm figuring it's one more thing an attacker will have to guess/get.

My question is, does an SSL connection provide enough protection against a man-in-the-middle attack that could possibly get the cookie/ip/user agent from a valid user? I'm figuring the web site owner will have to be responsible for keeping the one and only username/password that can access this part of the site out of the hands of untrusted employees, but I'm still wondering about
an outside attack.

Is there anything else that can be checked to verify the identity of a request/post?

Is it really stupid to allow the templates to be edited through the web interface?

TIA to all who read and reply. (TM)" I love you guys"(TM)


Edward Vermillion
evermillion@xxxxxxxxxxxx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux