wu :: forums
        (http://www.ocf.berkeley.edu/~wwu/cgi-bin/yabb/YaBB.cgi)
      

        riddles >> cs >> a request (online security)
        
(Message started by: maestro on Jun 12th, 2003, 1:37am)
Title: a request (online security)
Post by maestro on Jun 12th, 2003, 1:37am
So I had to code a website for this security class that I'm taking and I'm really interested in exactly how secure the page is.  I'm not sure if this is a good idea, but I'd like to ask if any of you can crack into the page that I wanted to protect.  

As an introduction, I designed the site to protect a single webpage.  Only authorized users that have registered with the site may access this page.  Unauthenticated users who try to access the page by directly entering the page's url will find that they are denied access.  Users must login at the main page to access the protected page.  

The page that is being protected is: http://security03.servehttp.com/hw3/classified.php

The main login page can be found at:
http://security03.servehttp.com/hw3/index.php

And btw, I have posted source code for all of the pages I created.  You can find a link to that at the main login page.  Any comments or suggestions would be much appreciated!  Thanks!
Title: Re: a request (online security)
Post by James Fingas on Jun 12th, 2003, 6:25am
You shouldn't go hiding top secret military secrets on poorly secured pages ;) Clever people might discover them...
Title: Re: a request (online security)
Post by Sir Col on Jun 12th, 2003, 3:54pm
Seems fairly secure, Maestro.

1) All the server paths are hard coded and you've not made the mistake of allowing query strings to direct paths.
2) All functions are defined within the main .php document. Using include files can be dangerous if you have a coding error as the server often reports the filename that has caused an error to the client and they can then view the source code of the file in a browser.
3) The use of session variables avoids hackers using external websites to manipulate form values and/or re-route headers to classified.php.

Perhaps...
1) Rather than store the password in plain text a preferred method is to use a one-way hash on the password; again, hard code the salt (I notice you had commented the crypt() function out, so you must have been thinking about it).
2) Log visitor's IP addresses to stop brute force attack on login.php.
Title: Re: a request (online security)
Post by maestro on Jun 18th, 2003, 5:08pm

on 06/12/03 at 15:54:35, Sir Col wrote:
Seems fairly secure, Maestro.

1) All the server paths are hard coded and you've not made the mistake of allowing query strings to direct paths.
2) All functions are defined within the main .php document. Using include files can be dangerous if you have a coding error as the server often reports the filename that has caused an error to the client and they can then view the source code of the file in a browser.
3) The use of session variables avoids hackers using external websites to manipulate form values and/or re-route headers to classified.php.

Perhaps...
1) Rather than store the password in plain text a preferred method is to use a one-way hash on the password; again, hard code the salt (I notice you had commented the crypt() function out, so you must have been thinking about it).
2) Log visitor's IP addresses to stop brute force attack on login.php.



Thanks so much!  That was most helpful.


Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board