Solved

security: how to detect where user comes from..

Posted on 2004-05-01
3
194 Views
Last Modified: 2011-09-20
hi everyone,

i am struggling with the following. I have a flashfile from wich i call a script called
main.php. This file is called upon like this: main.php?action=delete&Id=1 etc.

But when i call this file directly in a browser it also works, that is a potential security risk.
From flash i can send a string along, but when i look in the history of my browser, it shows
the whole url and string...

So my question is: can i detect if the user comes from the flashfile? if yes, then execute
the .php script, if not, redirect to somewhere else.

Thanks in advance,

derek
0
Comment
Question by:dwax
3 Comments
 

Expert Comment

by:yavosh
Comment Utility
You could use the $_SERVER['HTTP_REFERER'] variable to check for the flash file but this can easily be forged and is not very reliable.

second option, you could use post to send a password to the flash file (an not sure how this would work from flash)

a third option is to use some sort of challenge responce system but this might be a bit of an over kill, here is how such a system might work

first time you connect to the script you get a session id back.

you use a secret password to hash the session id. the most common hash function is md5, there should be an implementation in flash for it.

so
$challenge = md5($sessionid, 'secret');

when you send the script the correct challenge you get your desired output. in such a way your password (secret) is never transmitted in the clear. the only security problem might appear if some one hijacks the session

yavor
0
 

Author Comment

by:dwax
Comment Utility
Hi yavor,

thanks for your respons... What do you think of the following:

I get a password from Mysql wich is MD5, when i retrieve it, i leave the MD5 encryption intact,
then i get something like '`1453245hjgjh43545', or whatever. I read this into flash, still leaving the
MD5 intact. When i call the .php script from flash i use something like this:

main.php?action=delete&ID=1&pass=asdsd987sad8sdasd

In the beginning of main.php i decrypt the MD5 password. et  voila?

Is this possible, and safe? Or can anyone copy and paste the encrypted MD5 into a .php script and decrypt it?

like to hear your opinion,

regards,

derek
0
 
LVL 2

Accepted Solution

by:
ramonklown earned 105 total points
Comment Utility
If you don´t trust mysql databases then why are you working with them in the first place? It´s an obvious answer to your MD5 question.

And plus there are hundreds of MD5 decryptors so you can specify to a specify encrytion but the decryptor will decrypt anyways. So if the guys has all the trouble to get there and the knowledge ofcouse he is gonna have a decrypting program. Or he can make a script himself to decrypt.

There are like 30 - 50 default different encryptions (Í´ve read about this a long time ago). But ofcourse you can make your own.


***The best way to keep things safe are session vars.

you create a session variable
$query = mysql_query("select * from database where user='$_POST[user] AND pass='$_POST[pass]'");
$check = mysql_num_rows($query);

if ($check > 0) {
session_start();
$_SESSION['username'] = $_POST['email'];
}

/*on the next page, registered is if he already filledout form and status is if his email is valid*/
if ($_SESSION['username']) {
session_start();
$query = ("select * from database where user='$_SESSION['username']' AND registered='1' AND status='1'");
$check = mysql_num_rows($query);
if ($check) {
//page content
}
else { include("error.php"); }
}
else {include ("error.php");}
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now