Re: Reviewing security parameters
From: exon (exonhome.se)
Date: Fri Apr 16 2004 - 13:39:18 CDT
Simon Lemieux wrote:
> Hi there,
> I just composed a login page for my administration of my website.
> I just wanted to make sure I had taken everything into consideration when
> programming that php script. My main focus is, of course, security.
> At first a login variable is initialized with "guest" in it. If the
> whole script fails or if the user was not granted access, it will return
> "guest". It is then the duty of the index.php (that called my login
> script) to check what login was returned and take action if it was
> "guest", like refusing all access. But as you see the script is also
> designed to let a guest come in and still use some things.
> Guest access is denied on my administration page of course.
> The script checks if it was run using SSL. If not it will automatically
> return the "guest" user and will print a link to the same page with
> https://... So it always authenticates users with SSL.
> Also, the inputs the user will send to login are the form's _REQUESTs
> that contain login and password, and then the input becomes a COOKIE
> which contains a random ID. All these inputs are checked to see if they
> are trustable; they must contain only letters and numbers, I've also
> allowed some punctuation but no " or '...
> The Cookie ID is a string of 32 characters given randomly and stored in
> a login database with the user's IP address and user ID.
> So I check to see if both ID and IP match the user's.
> At any point if the Cookie contains wrong information or if it contains
> untrustable characters, the user is disconnected (ie. all login records
> are closed and user will have to re-auth).
> Logins, disconnection, bad login/passwords, untrustable characters are
> reported in a Log database.
> Do you guys think this script is safe?
If you post it I might be able to tell you. If you don't, then there's
no way of telling if the script is safe or not. It sounds like you're
thinking in a good direction, but until I see the code I can't really be
of more help than that.
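
The cookie check described in the quoted message, sketched as an added example; it is not Simon's script and not part of the original thread. The function names, the in-memory `$logins` array standing in for the login database, and the sample IP addresses are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; requires PHP 7+ for random_bytes().

const GUEST = 'guest';

// Allowlist check: the cookie ID must be exactly 32 letters or digits.
function is_trusted_id($value): bool {
    return is_string($value)
        && preg_match('/\A[A-Za-z0-9]{32}\z/', $value) === 1;
}

// Issue a random 32-character ID from the CSPRNG and record user and IP.
function open_login(array &$logins, string $user, string $ip): string {
    $id = bin2hex(random_bytes(16));
    $logins[$id] = ['user' => $user, 'ip' => $ip];
    return $id;
}

// Close every login record for a user, forcing a re-auth.
function close_logins(array &$logins, string $user): void {
    foreach ($logins as $id => $row) {
        if ($row['user'] === $user) {
            unset($logins[$id]);
        }
    }
}

// Resolve a request to a login name; every failure path returns "guest".
function resolve_login(array &$logins, bool $https, $cookie, string $ip): string {
    if (!$https || !is_trusted_id($cookie) || !isset($logins[$cookie])) {
        return GUEST;
    }
    $row = $logins[$cookie];
    if ($row['ip'] !== $ip) {
        close_logins($logins, $row['user']); // known ID presented from another IP
        return GUEST;
    }
    return $row['user'];
}

// Constructed sample data (documentation IP ranges).
$logins = [];
$id = open_login($logins, 'simon', '192.0.2.10');
var_dump(resolve_login($logins, true, $id, '192.0.2.10'));         // ID and IP match over SSL
var_dump(resolve_login($logins, false, $id, '192.0.2.10'));        // request not over SSL
var_dump(resolve_login($logins, true, "x' OR 1=1", '192.0.2.10')); // untrusted characters
var_dump(resolve_login($logins, true, $id, '198.51.100.7'));       // IP mismatch closes records
var_dump(resolve_login($logins, true, $id, '192.0.2.10'));         // same ID after disconnect
```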