At 08:34 AM 2/6/2006, Christopher Taylor wrote:
> I only changed the file extension as an experiment. I understand
> that the changing of the file extension does nothing for security,
> but it does allow the functions residing on my site to be read and
> executed on the client's server.

Chris,

PHP can read (and execute, if it's PHP script) any publicly
accessible file on any server regardless of its extension. Cf.:
http://php.net/include
http://php.net/require
http://php.net/file-get-contents
http://php.net/eval

> Some of the scripts involve some sophisticated encryption/decryption
> for credit cards. One customer had similar code and they chose to
> manage the site themselves. There were some security issues that
> arose from them giving ftp access to the site to just about
> anyone. I am looking to prevent this sort of thing from occurring again.

I wouldn't think that security would necessarily be compromised if
the encryption logic were READABLE, just so long as the keys (data)
were kept secure. What you need to do is protect the encryption logic
from being MODIFIED, which you are probably doing simply by keeping
it on your server as you say.

However, if someone's got FTP access to the client server and thus to
the topmost PHP scripts that generate pages and call functions, they
can likely circumvent security whether or not your encryption logic
is secure. For example, by preventing your logic from being called
at all, or calling it but then replacing a negative result with a
positive, or by reading it and modifying it before executing it.

Perhaps what you need to do is to separate client sites into two
chunks, the non-secure pages for their regular webmaster to modify
and the secure chunks for someone bonded (or otherwise specially
trusted) to maintain. Good, clean separation of data from logic from
presentation will help give the client freedom to tweak their pages
without giving away the key to the back door.

Good luck,
Paul
--
PHP General Mailing List (http://www.php.net/)
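
Added example, not part of the original message or of any code from the thread: one way to detect modification of the "secure chunk" discussed above is to compare it against a SHA-256 manifest taken on a trusted machine. The function names, the demo directory and the file names are hypothetical, and the sample files are constructed for the demonstration.

```php
<?php
// Added illustration. Assumption: the manifest is built on a trusted machine
// and stored where the client's FTP accounts cannot write.

/** Build a manifest: relative path => SHA-256 of the file contents. */
function build_manifest(string $root): array
{
    $root = rtrim($root, '/');
    $manifest = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile()) {
            $rel = substr($file->getPathname(), strlen($root) + 1);
            $manifest[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    ksort($manifest);
    return $manifest;
}

/** Compare the live tree against the trusted manifest. */
function verify_tree(string $root, array $trusted): array
{
    $current = build_manifest($root);
    $report = ['modified' => [], 'missing' => [], 'unexpected' => []];
    foreach ($trusted as $rel => $hash) {
        if (!isset($current[$rel])) {
            $report['missing'][] = $rel;          // secure script was removed
        } elseif (!hash_equals($hash, $current[$rel])) {
            $report['modified'][] = $rel;         // contents differ from trusted copy
        }
    }
    // Files present on the server that were never part of the trusted deployment.
    $report['unexpected'] = array_keys(array_diff_key($current, $trusted));
    return $report;
}

// Constructed demo: a temporary "secure" tree, snapshotted, then changed.
$root = sys_get_temp_dir() . '/secure_demo_' . bin2hex(random_bytes(4));
mkdir($root);
file_put_contents("$root/charge.php", "<?php return verify_card(\$card);\n");
$trusted = build_manifest($root);                 // taken on the trusted side

file_put_contents("$root/charge.php", "<?php return true;\n"); // negative result replaced
file_put_contents("$root/extra.php", "<?php // never deployed\n");
print_r(verify_tree($root, $trusted));            // charge.php modified, extra.php unexpected

array_map('unlink', glob("$root/*"));             // remove the demo files
rmdir($root);
```

The check only helps if the verifier and its manifest sit outside the tree that FTP users can write to, for example run from a scheduled job under a separate account; otherwise it can be altered like any other script on the site.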