Kurinchi Blogger Scribbles …


Archive for the ‘Security’ Category

Jul 20
2009

What is Kerberos Authentication System?

Last updated: July 24th, 2009

Kerberos Authentication is a means by which a communicating entity on a non-secure network can prove itself to another entity about its identity in a secured way.

In a system developed for a client-server model, it is inconceivable to identify the threat posed by the network users and the intruders.

Primary goal of Kerberos Authentication System is to prevent free text based transmission of passwords over the network.

Kerberos was created by MIT with a license similar to BSD and the current version is Version 5. It is implemented across various OS – Linux, Unix, Windows, MacOS.

Kerberos system is built on a symmetric key algorithm.
(more…)

Jul 16
2009

How to turn off register_globals via php.ini?

Last updated: July 15th, 2009

It is always secured to turn OFF register_globals in PHP applications. Earlier, we have seen how to turn OFF register_globals setting via .htaccess file and in this blog we will use php.ini instead.

Using a text editor create a file called php.ini. This will be our first step.

Next, we need to add the following line of code in php.ini
register_globals = off

Upload php.ini file to the root folder where your application resides.

Jul 13
2009

How to restrict folder, file permission settings for each user?

Last updated: July 13th, 2009

Sticky bit

There may be situation where you wanted all users to store files in a certain folder but might want to restrict users from deleting other users file. For this scenario, you can set the sticky bit of the folder which will serve our purpose.

For example we have created a folder inside /tmp directory called “user”

root@dev:/tmp# ls -l | tail -1
drwxr-xrwx 2 root root 4096 2009-07-13 11:39 user
root@dev:/tmp# cd user

Now create a file called a.txt (you are currently with root privileges)
root@dev:/tmp/user# touch a.txt

Now change to the user with normal privileges (i have created a user called ‘usr100′ for this purpose)
usr100@dev:/tmp/user$ su usr100
password:
usr100@dev:/tmp/user$ whoami
usr100
(more…)

Jul 09
2009

PHP Image Upload and Security

Last updated: July 9th, 2009

List of steps to take care when using PHP to upload images or documents

i) use is_uploaded() function to check if the file is uploaded before moving the file from temporary location

ii) sanitize the name of the file before moving the file from the temporary location by executing the ‘mv’ system command (use escapeshellargs, escapeshellcmd as needed)

iii) chmod the file setting to 644 if needed

iv) the directory from where the file will be moved and the destination directory should be initialized beforehand in order to prevent users from altering the path where the files could be stored

Jun 18
2009

Cross site scripting Attack – XSS

Last updated: July 27th, 2009

Cross-Site Scripting (XSS) is the method of code injection whereby a malicious user injects code (html, javascript) which would get executed from the site on the users browser. When Google finds this, it will show up a warning message in its search results if the users had searched for a specific term for which your site is indexed. This can harm your user base.

XSS attacks are classified as
Persistent attacks
Non-persistent attacks
(more…)

May 20
2009

PHP Register Globals and Security Vulnerability

Last updated: May 21st, 2009

Register Globals directive is turned OFF from PHP version 4.2.

PHP Global Variables
Environment variables, GET, POST, Server, Cookie variables are knows as Global Variables.

When register_globals directive is turned ON (like what most ISP’s did), you can access/set the global variables like $username, $password instead of $_POST[“username”], $_POST[“password”].
(more…)

May 19
2009

PHP: escapeshellcmd, escapeshellarg

Last updated: May 21st, 2009

escapeshellcmd and escapeshellarg are two commands that are used to escape the defect causing characters that are present in the system command or the arguments that get passed to it respectively. Before passing the commands to the system or exec, the strings get escaped using these commands.

Sample program to demonstrate the usage:

<?php

// shell command
$mycmd = "ls -al";
$returncmd = escapeshellcmd($mycmd);
system($returncmd);

// shell arguments
$myshellargs = "al";
system("ls -".escapeshellargs($myshellargs);
?>
May 17
2009

PHP XSS: htmlspecialchars vs. htmlentities

Last updated: May 18th, 2009

Cross site scripting XSS is a term used to refer attacks or loop holes present in the scripting used by websites favoring hackers to exploit this path towards identity theft or phishing.

In PHP, two functions are mainly used to circumvent XSS attacks.
i) htmlspecialchars
ii) htmlentities
(more…)

May 14
2009

PHP Security: Hiding Program Extensions

Last updated: May 21st, 2009

Obfuscating Scripting Language Extension in PHP is one of the technique that is effective to a certain extent in delaying the unscrupulous act of an active hacker. Following are few simple techniques used for hiding the program extensions.

i) Hiding program extension using .htaccess
ii) Hiding program extension using php.ini
iii) Hiding program extension using apache directive configuration
(more…)

Apr 14
2009

MD5 CheckSum, SHA1 CheckSum, PGP Verification

Last updated: May 13th, 2009

In order to ensure that the files that are downloaded from a site has been saved in its entirety and to give the added security that no intruders have modified the content of the files, various techniques have been used by source providers like MD5 checksum, SHA1 checksum, PGP verification. To explain how MD5 checksum, SHA1 checksum or PGP verification of the files happen, I will go ahead by explaining the steps by using a copy of openSSL program. (more…)


Valid HTML 4.01 Strict  Valid HTML 4.01 Strict