
Chapter 13



Presentation Transcript


  1. Chapter 13 Security Methods Part 1

  2. Cookies and Sessions • “Because important information is normally stored in sessions (you should never store sensitive data in cookies), security becomes more of an issue.”

  3. login.php • Script 12.12 on page 397 • ch12\script_12_12\login.php

     $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

     • The HTTP_USER_AGENT is a combination of the browser and operating system being used.

  4. loggedin.php • Script 12.13 on page 398 • ch12\script_12_13\loggedin.php

     if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']))) {
         // Need the functions:
         require('includes/login_functions.inc.php');
         redirect_user();
     }

  5. Preventing Spam

     mail(to, subject, body, [headers]);

     • Enter the spam into the comments of the “Contact Me” form.
     • In “Name:”, enter “me@example.com\nBcc:poorsap@example.org”

  6. Table 13.1 Spam Tip-offs

  7. email.php • Script 13.1 on pages 404-405 • ch13\email.php

  8. spam_scrubber()

     $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:',
                       'multipart-mixed:', 'content-transfer-encoding:');
     foreach ($very_bad as $v) {
         if (stripos($value, $v) !== false) return '';
     }

  9. spam_scrubber()

     // Replace any newline characters with spaces:
     $value = str_replace(array("\r", "\n", "%0a", "%0d"), ' ', $value);

  10. email.php

     $scrubbed = array_map('spam_scrubber', $_POST);
     $body = "Name: {$scrubbed['name']}\n\nComments: {$scrubbed['comments']}";
     mail('your_email@example.com', 'Contact Form Submission', $body, "From: {$scrubbed['email']}");
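The following is an added example, not the book's email.php or the slides' own code: it assembles the full spam_scrubber() from slides 8 and 9 and runs the slide-10 flow as a dry run on constructed submissions, including the Bcc: injection from slide 5. build_message() is an assumed helper that returns the would-be mail() arguments instead of sending; the filter_var() check on the From address is an addition beyond the slides.

```php
<?php
// Added example (not the book's code): spam_scrubber() from slides 8-9 plus a
// dry run of the email.php logic from slide 10. Nothing is sent.

function spam_scrubber(string $value): string {
    // Any mail header name inside a form field is a sign of header injection:
    $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:',
                      'multipart-mixed:', 'content-transfer-encoding:');
    foreach ($very_bad as $v) {
        // stripos() is case-insensitive, so "BCC:" is caught as well as "bcc:"
        if (stripos($value, $v) !== false) {
            return '';
        }
    }
    // A header ends at a newline, so stripping CR/LF (raw or URL-encoded)
    // means one field can never turn into two headers:
    $value = str_replace(array("\r", "\n", "%0a", "%0d"), ' ', $value);
    return trim($value);
}

// Assumed helper mirroring email.php: scrub every field, require all three,
// and additionally insist that the From address parses as a single address.
// Returns the mail() arguments, or null when the submission is refused.
function build_message(array $post): ?array {
    // Note: array_map over a real $_POST would throw a TypeError on array-valued
    // fields (e.g. checkbox groups); the constructed samples below are strings.
    $scrubbed = array_map('spam_scrubber', $post);
    if (empty($scrubbed['name']) || empty($scrubbed['email']) || empty($scrubbed['comments'])) {
        return null; // a field was blank or was scrubbed to '' because of a header name
    }
    if (filter_var($scrubbed['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $body = "Name: {$scrubbed['name']}\n\nComments: {$scrubbed['comments']}";
    return array(
        'to'      => 'your_email@example.com',
        'subject' => 'Contact Form Submission',
        'body'    => $body,
        'headers' => "From: {$scrubbed['email']}",
    );
}

// Constructed sample submissions:
$legit = array('name' => 'Jane', 'email' => 'jane@example.com',
               'comments' => "Hello,\nnice site.");
$attack = array('name' => "me@example.com\nBcc:poorsap@example.org",
                'email' => 'me@example.com', 'comments' => 'buy now');
$encoded = array('name' => 'Jane', 'email' => "jane@example.com%0aCc:x@example.org",
                 'comments' => 'hi');

var_dump(build_message($legit) !== null); // bool(true): accepted; the newline in comments became a space
var_dump(build_message($attack));         // NULL: "bcc:" found, name scrubbed to ''
var_dump(build_message($encoded));        // NULL: "cc:" found in the email field
```

Because spam_scrubber() is a blacklist, it also rejects harmless text that happens to contain one of the listed strings (a comment reading "what I want to: ..." is dropped), which is the trade-off slide 11 raises when it contrasts whitelists with blacklists; the filter_var() check on the address is the whitelist half of that pairing.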

  11. Validation • “if data comes from the outside of the server, it can’t be trusted.” • Whitelist • Blacklist

  12. Type Validation Functions

  13. calculator.php • Script 13.2 on pages 410-411 • http://cscdb.nku.edu/csc301/frank/ch13/calculator1.php • ch13\script_13_02\calculator.php

  14. Typecasting

     $quantity = (int) $_POST['quantity'];
     $price = (float) $_POST['price'];
     $tax = (float) $_POST['tax'];
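An added example, not the book's calculator.php: it puts the slide-14 typecasts next to a whitelist check in the sense of slide 11, run on constructed form input. typecast_only() and validate_calculator() are assumed helper names; the ranges (quantity 1 to 1000, tax 0 to 100) and the reading of tax as a percentage are assumptions for the illustration.

```php
<?php
// Added example (not the book's code): typecasting alone versus whitelist
// validation of the calculator form fields, on constructed input.

// Casting accepts any string and quietly turns junk into a number:
function typecast_only(array $post): array {
    return array(
        'quantity' => (int) ($post['quantity'] ?? ''),
        'price'    => (float) ($post['price'] ?? ''),
        'tax'      => (float) ($post['tax'] ?? ''),
    );
}

// Whitelist: each field must have the expected shape AND fall in an allowed
// range (assumed ranges); otherwise the submission is rejected, not coerced.
function validate_calculator(array $post): ?array {
    $quantity = filter_var($post['quantity'] ?? '', FILTER_VALIDATE_INT,
                           array('options' => array('min_range' => 1, 'max_range' => 1000)));
    $price = filter_var($post['price'] ?? '', FILTER_VALIDATE_FLOAT);
    $tax   = filter_var($post['tax'] ?? '', FILTER_VALIDATE_FLOAT);
    if ($quantity === false || $price === false || $tax === false) {
        return null; // wrong shape (non-numeric, trailing garbage, out of range)
    }
    if ($price <= 0 || $tax < 0 || $tax > 100) {
        return null; // numeric but outside the business rules
    }
    // Tax is treated as a percentage (assumption):
    $total = $quantity * $price;
    $total += $total * ($tax / 100);
    return array('quantity' => $quantity, 'price' => $price, 'tax' => $tax,
                 'total' => round($total, 2));
}

// Constructed sample submissions:
$good = array('quantity' => '3', 'price' => '9.99', 'tax' => '5');
$junk = array('quantity' => '3abc', 'price' => '9.99abc', 'tax' => '-5');

print_r(typecast_only($junk));        // quantity => 3, price => 9.99, tax => -5: junk silently accepted
var_dump(validate_calculator($junk)); // NULL: every field fails the whitelist
print_r(validate_calculator($good));  // total => 31.47
```

Typecasting is still worth doing (it guarantees the variable's type before it reaches arithmetic or a query), but on its own it does not tell you whether the user actually sent a number; filter_var() with a validation filter answers that question, and the range checks express what a valid value is rather than what it is not.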

  15. Assignment #22 • http://cscdb.nku.edu/csc301/frank/ch12a/view_users.php • http://cscdb.nku.edu/csc301/frank/ch12a/login.php
