All depends on how the data is used after it's interpreted/split:

http://www.example.com/index.php/edit/customer/1234

$action = "edit";
$type = "customer";
$id = "1234";

// each segment goes into the redirect exactly as it came out of the split
header("Location: http://www.example.com/index.php?action=$action&type=$type&id=$id");


In this case, what happens if someone does:
http://www.example.com/index.php/edit/customer/1234&adminaccess=1

$action = "edit";
$type = "customer";
$id = "1234&adminaccess=1";   // the "&..." survives the split on "/"

header("Location: http://www.example.com/index.php?action=$action&type=$type&id=$id");

redirects to:
http://www.example.com/index.php?action=edit&type=customer&id=1234&adminaccess=1


Or if that data was used in a SQL query, you could open yourself up to a SQL 
injection attack.... basically all the kinds of concerns you have when 
handling user input in general, but you have to ask yourself "What could 
someone do if they manually entered a URL instead of just clicking on a link 
that we generated... what other data is passed via $_GET vars or other data 
that's affected by the pre-rewrite URL?"

Maybe your stuff is ok... maybe the worst that happens is it looks for an id of 
"1234&adminaccess=1" and doesn't find it.


Security tends to involve dealing with what we know is a security risk... while 
hacking (the illegal kind) is only limited by the imagination and skill of the 
hacker.   So good security relies on as much imagination and creativity as you 
can conjure up and hopefully it's more than the hacker trying to poke at your 
system. :)  In other words, ALWAYS think of the worst-case scenario when 
thinking about security... isolate, restrict and scrub your input 
vigorously..hah

-TG
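As an added example (not code from either message in this thread), here is the PATH_INFO split TG describes in PHP, once as written above and once with each segment validated before it reaches the Location header. The allowed action and type lists are assumptions; the two input URLs are the ones from the thread.

```php
<?php
// Added example, not from the thread. Assumed allow-lists for action/type.

// Variant as written in the message above: the three segments are trusted
// and interpolated into the redirect URL, so an id of "1234&adminaccess=1"
// is carried through and becomes an extra query parameter.
function redirect_url_unsafe(string $pathInfo): string
{
    [$action, $type, $id] = array_pad(explode('/', ltrim($pathInfo, '/')), 3, '');
    return "http://www.example.com/index.php?action=$action&type=$type&id=$id";
}

// Hardened variant: allow-list action and type, require the id to be digits
// only, and let http_build_query() handle encoding. Returns null when any
// segment does not fit, so the caller can fall back to the default action.
function redirect_url_safe(string $pathInfo): ?string
{
    $allowedActions = ['view', 'edit', 'delete'];   // assumed
    $allowedTypes   = ['customer', 'order'];        // assumed

    $parts = explode('/', trim($pathInfo, '/'));
    if (count($parts) !== 3) {
        return null;
    }
    [$action, $type, $id] = $parts;

    if (!in_array($action, $allowedActions, true)) { return null; }
    if (!in_array($type, $allowedTypes, true))     { return null; }
    if (!preg_match('/^[0-9]{1,10}$/', $id))        { return null; }

    $query = http_build_query(['action' => $action, 'type' => $type, 'id' => (int) $id]);
    return 'http://www.example.com/index.php?' . $query;
}

// Constructed inputs, taken from the two URLs in the thread.
$benign  = '/edit/customer/1234';
$crafted = '/edit/customer/1234&adminaccess=1';

echo "unsafe, crafted: ", redirect_url_unsafe($crafted), "\n";
echo "safe, benign:    ", redirect_url_safe($benign), "\n";
// The crafted id fails the digits-only check, so the safe variant yields null
// and the script would show the default action instead of redirecting.
var_dump(redirect_url_safe($crafted));

// Only a non-null result would be passed to header('Location: ' . $url).
```

Running it with the crafted path shows the unsafe redirect smuggling the extra parameter while the hardened version refuses the id, which is the check TG's message argues for.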


= = = Original message = = =

No arguments here ;-). For what it's worth, I've used this technique just to
simply clean up the URLs a bit. With that in mind, I usually don't need to
do a terrible amount of scrubbing because I'm using the variables in the URL
more for navigation. So
http://www.example.com/index.php/edit/customer/1234 simply tells my
script to display a form that will allow the user to edit
customer 1234; if the first sections of $_SERVER['PATH_INFO'] aren't exactly
what I'm expecting then I move on to whatever the default action is (except
of course for the customer id at the end). Really this isn't any different
than http://www.example.com/index.php?action=edit&type=customer&id=1234 in
terms of security. If I'm wrong someone please let me know as I do use this
technique quite a bit.

- Joe
