

How insecure is it?





imagefree
It's insecure.

Code:
if (isset($HTTP_POST_VARS['email']))
{
     $email = $HTTP_POST_VARS['email'];
     $password = $HTTP_POST_VARS['password'];
     $go = true;
}
if ($go == true)
{
     if ($error == false)
     {
          if (check_email_address($email))
          {
               $error = false;
          }
          else
          {
               $error = $email . ' is not a valid email address.';
               echo print_page($error);
          }
     }
}


How?
kv
It doesn't do anything apart from checking a few variables. What do you mean by "insecure"?
Peterssidan
From what we can see of this code here, I can't see anything that can go wrong, but that depends on what check_email_address does. A good idea is to always strip the values that come from the user, because you can never trust them.
jabapyth
Has someone told you it's insecure? Ask them.
imagefree
jabapyth wrote:
Has someone told you it's insecure? Ask them.


If I am not wrong, line 17

Code:
$error = $email . ' is not a valid email address.';


creates insecurity.
snowboardalliance
If register_globals (or whatever it's called) is on, then going to your page with www.site.com/index.php?go=true would skip the first conditional, but I don't know if that is what you were talking about. It's difficult to say how it is "insecure" when it doesn't really "do" anything.
sonam
First of all, $HTTP_POST_VARS['email'] is an old type of coding, as you can see here:
http://hr.php.net/reserved.variables

Second, your posted script is part of some bigger script and it is not possible to know whether it is secure or not. But this small part tells me the script is "very old" (two to three years) and I suggest you find something better.

Sonam
alem
I am not sure, but maybe you should be careful about POST vars before you write them into your page (for example the $email variable), and for security you can use the PHP htmlentities function...

As I said, I am not sure of it, but you had better look at this page.
roboguyspacedude
The only thing it does is pass a variable named email. It can't do anything and can't be attacked unless some person knew the script and somehow managed to inject SQL into it, which would then maybe be activated when the script returns the message, but I don't think it would, since PHP can't echo PHP script.
Agent ME
Ditto - the script doesn't access any database or password, or write any data.

What's the point of line #13?
$error = false;
It already has to be false in order to pass the if statement 4 lines above it.
imagefree
Agent ME wrote:
Ditto - the script doesn't access any database or password, or write any data.

What's the point of line #13?
$error = false;
It already has to be false in order to pass the if statement 4 lines above it.


Yes, there is a little bit of a mistake here.

@alem You are right. Letting the user-submitted data go to the database or printing it exactly is dangerous. (Just imagine it has some JavaScript or instructions for the database!!! I don't know what it is called for databases, maybe a query.)
Stubru Freak
imagefree wrote:
Agent ME wrote:
Ditto - the script doesn't access any database or password, or write any data.

What's the point of line #13?
$error = false;
It already has to be false in order to pass the if statement 4 lines above it.


Yes, there is a little bit of a mistake here.

@alem You are right. Letting the user-submitted data go to the database or printing it exactly is dangerous. (Just imagine it has some JavaScript or instructions for the database!!! I don't know what it is called for databases, maybe a query.)


Printing it isn't actually dangerous, as long as it is only printed to the same user that requested it. The only thing the user can do is steal his own data. If you would print this to anyone else, the user could steal their cookies.
Also, if this was a GET variable it would be dangerous, as the user could be tricked into opening it just with a link or a redirect.
manav
Might be prone to XSS...

or SQL injection even...

Escape characters before accepting input from forms....

Guess you need a library to avoid XSS attacks...
Fire Boar
You can't have an SQL injection unless you're accessing SQL. Stands to reason, no?
Stubru Freak
Fire Boar wrote:
You can't have an SQL injection unless you're accessing SQL. Stands to reason, no?


In theory you don't know what check_email_address does. It might check in a database whether it's already present or blocked/banned.

But you're right, SQL injection isn't the most logical problem here.
Fire Boar
Hm, that's true. It all really boils down to what check_email_address does. If it performs an SQL query without first using something like addslashes, it is insecure and prone to injections. Otherwise, the page is perfectly harmless.
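A hardened rewrite of the posted snippet, written here as an added example (it is not code from any poster): it initialises the flags so register_globals cannot pre-set $go (snowboardalliance's point), escapes $email before echoing it (alem and Stubru Freak), drops the redundant `$error = false` (Agent ME), and gives check_email_address a parameterised query instead of addslashes (Fire Boar). The $pdo connection and the blocked_emails table are assumptions.

```php
<?php
// Added example, not the thread's code. Assumes a PDO connection in $pdo and
// a hypothetical table `blocked_emails` with a column `email`.

// Initialise every flag ourselves, so a request such as ?go=true cannot
// pre-set it when register_globals is enabled.
$go    = false;
$error = false;

// $_POST replaces the deprecated $HTTP_POST_VARS array.
if (isset($_POST['email'], $_POST['password'])) {
    $email    = $_POST['email'];
    $password = $_POST['password'];
    $go       = true;
}

// Syntax check first, then a parameterised lookup: the user value is bound
// as data and never concatenated into the SQL string.
function check_email_address(PDO $pdo, string $email): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT 1 FROM blocked_emails WHERE email = ?');
    $stmt->execute([$email]);
    // fetchColumn() returns false when no row matched, i.e. not blocked.
    return $stmt->fetchColumn() === false;
}

// The user-supplied value is HTML-escaped before it is echoed back, so a
// value containing <script> is rendered as text rather than executed.
function print_page(string $error): string
{
    return '<p class="error">'
        . htmlspecialchars($error, ENT_QUOTES, 'UTF-8')
        . '</p>';
}

// No separate "$error = false" branch: it was already false at this point.
if ($go && !check_email_address($pdo, $email)) {
    $error = $email . ' is not a valid email address.';
    echo print_page($error);
}
```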
© 2005-2011 Frihost, forums powered by phpBB.