RE: Security: Passing URLs between pages for redirect

[snip]
Currently I'm building a small application for internal office use but
I'd like to get some feedback on a certain aspect of it.

When someone tries to access a page they do not have access to they are
redirected to the login page with the URL they tried to access in the
querystring. This URL is then snuck into the login form as a hidden
variable (called 'nexturl') so they can be sent back to the page they
came from after a successful login.

I can see this happening when someone bookmarks one of their own pages
and then tries to go directly there after their session has ended.
Instead of making them navigate all the way back to that page I figure
I'll just send them directly.

My question for the list is: Are there any validation checks I should do
on the 'nexturl' variable before it is used as a redirect?

The only situation I can come up with where this could be exploited is
if someone sends a malicious URL through email to another employee with
the intention of course being that after they successfully login they
will be redirected to the desired URL.

Are there any "best practices" for this kind of thing? Would it be
enough to verify that the page being redirected to is within my own
domain?
[/snip]

You could always make the value a session variable and then use location
to redirect. That way the URL is hidden from the user and would prevent
others from spoofing.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
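Whether nexturl rides along in a hidden form field or is parked in the session, the value still originates from the query string of a request the user did not necessarily type, so it should be reduced to something provably on your own site before it reaches a Location header. The following is an added PHP example, not code from this thread; it assumes a configured host name APP_HOST (a constructed value here) and that every legitimate post-login target is a path on that host.

```php
<?php
// Added example (not from the thread): reduce a user-supplied 'nexturl' to a
// site-relative path before using it in a Location header. Assumed: the app
// is served from the configured host APP_HOST and every legitimate post-login
// target is a path on that host.

// Constructed value. Use a configured host, not $_SERVER['HTTP_HOST'], which the client controls.
const APP_HOST = 'intranet.example';

/**
 * Return a site-relative path derived from $nexturl, or $default when the
 * value cannot be shown to point at this application.
 */
function safe_next_url($nexturl, $default = '/')
{
    // CR/LF or other control characters would corrupt the Location header.
    if (!is_string($nexturl) || $nexturl === '' || preg_match('/[\x00-\x20\x7f]/', $nexturl)) {
        return $default;
    }
    $parts = parse_url($nexturl);
    if ($parts === false) {
        return $default;
    }
    // Absolute or scheme-relative ("//evil.example") URL: accept only http(s) on
    // our own host, with no userinfo ("https://intranet.example@evil.example")
    // and no explicit port (a different port is a different service).
    if (isset($parts['scheme']) || isset($parts['host'])) {
        $scheme = strtolower(isset($parts['scheme']) ? $parts['scheme'] : '');
        $host   = strtolower(isset($parts['host']) ? $parts['host'] : '');
        if (!in_array($scheme, array('http', 'https'), true) || $host !== APP_HOST
            || isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
            return $default;
        }
    }
    $path = isset($parts['path']) ? $parts['path'] : '/';
    // Must be an absolute path on this site. Browsers read "/\evil.example" and
    // "//evil.example" as network-path references, so reject those shapes too.
    if ($path === '' || $path[0] !== '/' || strpos($path, '\\') !== false
        || (strlen($path) > 1 && $path[1] === '/')) {
        return $default;
    }
    // Rebuild from path, query and fragment only: scheme and host are never echoed back.
    $target = $path;
    if (isset($parts['query']))    { $target .= '?' . $parts['query']; }
    if (isset($parts['fragment'])) { $target .= '#' . $parts['fragment']; }
    return $target;
}

// In the login handler, after the credentials check succeeds:
// header('Location: ' . safe_next_url(isset($_POST['nexturl']) ? $_POST['nexturl'] : ''));
// exit;
```

Because the function returns a path rather than the submitted string, a value such as `https://intranet.example/reports?week=12` comes back as `/reports?week=12`, while anything pointing at another host, scheme or port falls through to the default landing page.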
