I am just wondering, how could someone craft HTML to steal cookies? If your cookie distribution is done right, I don't think you need to worry about this. There are a gazillion sites (CMS-based, wiki-based, etc., including php.net) that allow users to contribute HTML. They are not concerned about the security of data delivery. I think page-breaking HTML is a more prominent issue, which you could eliminate with BBCode or a wiki language. Perhaps you are being a little paranoid? Or am I missing something?

> Unless I'm really missing something important, for 'this' particular
> part of the application, any BBCode/tag stripping/rewriting
> scheme would be useless since what they will be editing is the actual
> templates that make the page, therefore all tags
> would have to be allowed.
>
> It's not the legitimate user I'm worried about doing something wrong,
> it's that if it's possible for a legitimate user to do this,
> then some "Bad Guy" somewhere "may" be able to do this too.
>
> I've pretty much eliminated the possibility of someone using, say, cURL
> or some other mechanism to post information
> to the form processor directly. If they can guess two MD5 hashes of two
> different random numbers that may or may not
> be set to allow the transaction, as well as the IP/user agent associated
> with one of the numbers, then nothing I do will
> keep them out because they are GOD, or have a _lot_ of time on their
> hands. Plus, the client's account will have more than
> likely been shut down for going over their bandwidth quota from the
> attempts.
>
> [If I'm wrong in my assumptions here, someone please slap me in the
> head]
>
> What I'm worried about is someone grabbing a valid cookie id, and in
> the short time-span that it _is_ valid, being able to
> pull up the actual post form, which will then give them the second
> number and the IP/user agent, and "legitimately"
> posting malicious code. So yes, SSL is necessary at this point to try
> to keep that cookie secret. If it can, which is what
> I'm being paranoid about. This is a weak spot in the code "because" I
> have to trust that the user is who they say they
> are, all things considered. And at this point, I'm relying on SSL to be
> the security "rock" that plugs up this hole.
>
> Is SSL enough to keep the cookie safe?
>
> Is it absolutely stupid to allow this, even if there will only ever be
> one username/password combo that will be allowed
> to access this part? Other parts of the admin console will be open to
> other users though.
>
> The actual web site, i.e. the pages created and maintained by the
> application, is open to the public and there is no
> SSL there, no cookies or info other than the HTML request/response of a
> 'normal' site.
>
> Edward Vermillion
> evermillion@xxxxxxxxxxxx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
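Added example, not code from the thread or from either poster: a PHP sketch of the two defences the message is circling around, the session cookie that must stay secret and the short-lived "second number" handed out with the edit form. It assumes PHP 7.3 or later (for the array form of session_set_cookie_params()), that the admin console is served only over HTTPS under a hypothetical /admin/ path, and the function names (adminLogin, issueFormToken, checkFormToken, requireAdminSession) are made up for illustration. The Secure attribute is what actually ties the cookie to SSL, and HttpOnly keeps it out of reach of script in a template that a user is allowed to edit.

```php
<?php
// Added example (not from the mailing-list thread). Assumes PHP >= 7.3
// and an admin console served only over HTTPS under /admin/ (assumption).
declare(strict_types=1);

// 1. Cookie attributes. 'secure' keeps the cookie off plain-HTTP requests,
//    'httponly' keeps it out of reach of script injected into a page,
//    'samesite' => 'Strict' stops it riding along on cross-site form posts.
session_set_cookie_params([
    'lifetime' => 0,          // session cookie, dropped when the browser closes
    'path'     => '/admin/',  // assumption: admin console lives under /admin/
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// 2. Rotate the session id after login so an id seen before login is worthless.
function adminLogin(string $user): void
{
    session_regenerate_id(true);
    $_SESSION['user']      = $user;
    $_SESSION['bound_ua']  = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $_SESSION['issued_at'] = time();
}

// 3. The per-form token: issued with the edit form, required on submit,
//    single use and short lived. random_bytes() instead of md5() of a
//    random number; hash_equals() avoids a timing side channel on compare.
function issueFormToken(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token']         = $token;
    $_SESSION['form_token_expires'] = time() + 300; // valid for 5 minutes
    return $token;
}

function checkFormToken(?string $submitted): bool
{
    $expected = $_SESSION['form_token'] ?? null;
    $expires  = (int) ($_SESSION['form_token_expires'] ?? 0);
    // One-shot: clear the token whether or not the check passes.
    unset($_SESSION['form_token'], $_SESSION['form_token_expires']);
    if ($expected === null || $submitted === null || time() > $expires) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// 4. Per-request check on every admin page: a logged-in user, the same
//    user agent the session was issued to, and an absolute 30-minute lifetime.
function requireAdminSession(): void
{
    $ua      = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $boundUa = (string) ($_SESSION['bound_ua'] ?? '');
    $issued  = (int) ($_SESSION['issued_at'] ?? 0);
    if (empty($_SESSION['user'])
        || !hash_equals($boundUa, $ua)
        || time() - $issued > 1800) {
        session_destroy();
        http_response_code(403);
        exit('session invalid');
    }
}

// Usage in the template editor (hypothetical paths):
//   GET  /admin/edit.php : requireAdminSession(); $t = issueFormToken();
//                          embed $t in a hidden form field
//   POST /admin/edit.php : requireAdminSession();
//                          if (!checkFormToken($_POST['token'] ?? null)) { reject the post }
```

The token is deliberately one-shot and expires in minutes, which matches the "short time-span" idea in the message; binding to the client IP is left out here because legitimate users behind proxies and NAT change address, so it produces lockouts more than it stops anyone. The user-agent binding is kept only as a cheap extra hurdle, not as a guarantee.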