Web sites inevitably exchange a great deal of content with their users, so when writing them special attention must be paid to how user input is processed and to the operations performed on the database. The purpose of this article is to remind developers to follow specific web programming safety specifications so that application code avoids security problems. Processing user input follows a three-step principle: 1. Check that the input data comes from the previous page, which can be implemented with a "synchronizer token"; 2. Check that the submission method is POST; 3. Check that the user input data is valid and reasonable. With these three steps you can basically prevent attacks on the system that work by carefully constructing strings.

First, handling user login

The login program mainly verifies the user name and password submitted by the user. If it does not, an attacker can submit special data, and if the program cannot filter out these special characters the consequences may be dangerous.

1. For password verification the following method is recommended:
<1> Look up the record in the database by the submitted user name; if there is no such user, return an error; if the user exists, go to step <2>;
<2> Compare the password part of the record with the password entered by the user; if they match, the login passes, otherwise return an error.
Note: do not verify the user name and password together in a single SELECT statement; verifying them separately makes potentially harmful attacks more difficult.

2. Wrap user input data in single quotation marks. For code written in PHP, all data entered by the user should be wrapped in this way, whether it is a numeric variable or a character variable. The SQL statement is best constructed in the following format:

$sql_query = "SELECT F1, F2 from table where id = 'input_id' and name = 'input_name'";

This way, if the user enters special characters such as a single quote, PHP automatically adds a backslash in front of it, cancelling its special meaning and greatly reducing the security risk (this relies on PHP's automatic escaping of quotes in input; the prepared-statement approach recommended for Java next is the stronger form). Similarly, for Java code, wherever possible use PreparedStatement with dynamic SQL: set the parameters through the setInt, setString and similar methods and then execute the SQL statement. Do not get into the habit of concatenating the SQL statement from its parameters before executing each statement.

Second, handling user input

Apart from login handling, the following principles apply when processing user input:

1. Reject any content that starts with a slash. A leading slash means "relative to the root" or an absolute path. Users rarely need to access data outside the web root directory, so the paths they use should be relative to the web root, not absolute; any content starting with a slash must be refused.

2. Reject any content containing a single dot (.) or two dots (..). In a path, a single dot (.) and a double dot (..) sequence have special meanings: a single dot means "relative to the current directory" and a double dot means "the parent directory of the current directory". Someone can construct a string such as ../../../../ and then reach down into the /etc/passwd file, threatening system security.

3. Before passing submitted data on to the system, filter out the following characters: ; | < > * & ! # ( ) { } [ ] : ' " and pay attention to the carriage return and line feed characters as well.

4. Reject any content whose second character is a colon. NT servers use the concept of a drive letter to reference a disk volume, and such a path to the drive consists of a letter followed by a colon.

5. Reject any UNC path. NT servers also support Universal Naming Convention (UNC) references. A UNC file specification names a machine and a shared point; the rest of the specification is relative to that shared point on that machine. UNC file specifications always start with two backslashes, so be careful when writing programs.

6. Carefully check input statements and refuse commands such as rm -f, mail ..., delete ..., /etc/passwd, or other operations that threaten the system.

7. Storing and deleting passwords. If a password is stored in a Java String object, it remains in memory until it is garbage-collected or the process terminates. Even after garbage collection it still exists in the free memory heap until that space is reused. The longer the password String stays in memory, the greater the danger of it being eavesdropped. Worse, if physical memory runs low, the operating system swaps this password string out to the swap space on disk, where it is easy to eavesdrop from disk blocks. To minimise (but not eliminate) this leak, store the password in a char array and set it to zero after use. (A String is immutable, so it cannot be set to zero.)

8. Java serialization. When you serialize an object to memory or for transfer, any private fields of that object appear in the stream, so sensitive data is easy to eavesdrop. You can tag such properties with the transient keyword so that the property is ignored in the stream.

Third, all variables related to user input must be wrapped (PHP)

For all numeric variables, first determine whether the content really is numeric (for example with an is_num()-style check such as PHP's is_numeric()); if it is not, go to error handling. For security reasons, even numeric variables should be wrapped in quotation marks.

Fourth, handling error information

Programmers often set up error messages, debug the program, or use the system's own error messages to debug it. In real deployments you must make sure to replace these error prompts so as not to disclose important information to malicious attackers. Also, in the program test phase, be sure to pay attention to what the program produces after the user enters erroneous data, and so on.

Fifth, dangerous system calls

Minimise system calls such as system() and popen(); where such calls are unavoidable they must be carefully checked so that they cannot be exploited by hackers. Unless specifically needed, do not use system calls such as system() or popen(), especially when data entered by the user is used as the parameters of these calls. If the user input data is not analysed, it may be used to execute system commands.
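The two-step login check from section one, combined with the char-array password handling from item 7, as an added example that is not part of the original article. It assumes a JDBC `users` table with `username` and `password` columns and a caller that already holds a `java.sql.Connection`; `LoginCheck`, `authenticate` and `toBytes` are names chosen here.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Arrays;

public final class LoginCheck {

    // Step 1 queries by user name only; the name is bound with setString, never
    // spliced into the SQL text, and the password is not part of this query.
    private static final String FIND_USER = "SELECT password FROM users WHERE username = ?";

    /** Returns true only if the user exists (step 1) and the password matches (step 2). */
    public static boolean authenticate(Connection conn, String username, char[] password)
            throws SQLException {
        byte[] stored = null;
        byte[] supplied = null;
        try (PreparedStatement ps = conn.prepareStatement(FIND_USER)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return false;                      // step 1 failed: no such user
                }
                stored = rs.getString(1).getBytes(StandardCharsets.UTF_8);
            }
            // Step 2: compare the record's password with the submitted one in constant
            // time. (In a real deployment the column holds a password hash, and this
            // line becomes a hash verification of 'supplied' instead of a raw compare.)
            supplied = toBytes(password);
            return MessageDigest.isEqual(stored, supplied);
        } finally {
            // Zero every copy of the secret we made; a String could not be cleared this way.
            if (stored != null) Arrays.fill(stored, (byte) 0);
            if (supplied != null) Arrays.fill(supplied, (byte) 0);
            Arrays.fill(password, '\0');
        }
    }

    // Encodes the char[] to UTF-8 without ever building a String from it.
    private static byte[] toBytes(char[] chars) {
        ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[bb.remaining()];
        bb.get(out);
        if (bb.hasArray()) Arrays.fill(bb.array(), (byte) 0);   // clear the encoder's buffer too
        return out;
    }
}
```

The caller should read the submitted password straight into a char[] (for example from a console or request reader) rather than through a String, otherwise an uncleared copy still exists before this method is entered.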
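Rules 1 to 6 of section two applied to one user-supplied path string, as an added example that is not from the original article. Rule 2 is applied here to path components, so that ordinary file names such as readme.txt still pass; `PathInputCheck` and `reject` are names chosen for this example, and the sample inputs in `main` are constructed.

```java
import java.util.regex.Pattern;

/** Rejects user-supplied paths that violate the rules from section two. */
public final class PathInputCheck {

    // Rule 3: characters to filter before data reaches the system, plus CR and LF.
    private static final String FORBIDDEN_CHARS = ";|<>*&!#(){}[]:'\"\r\n";

    // Rule 6: command names the article lists as threats, matched as whole words.
    private static final Pattern DANGEROUS_COMMANDS =
        Pattern.compile("\\b(rm|mail|delete)\\b|/etc/passwd", Pattern.CASE_INSENSITIVE);

    /** Returns null if the input is acceptable, otherwise the reason it was rejected. */
    public static String reject(String input) {
        if (input == null || input.isEmpty()) return "empty input";
        // Rule 1: a leading slash means an absolute path or "relative to root".
        if (input.startsWith("/")) return "absolute path";
        // Rule 5: a UNC reference always starts with two backslashes.
        if (input.startsWith("\\\\")) return "UNC path";
        // Rule 4: an NT drive-letter reference such as "C:" has a colon as its second character.
        if (input.length() >= 2 && input.charAt(1) == ':') return "drive letter";
        // Rule 2: "." and ".." components change which directory is referenced.
        for (String part : input.split("[/\\\\]")) {
            if (part.equals(".") || part.equals("..")) return "dot or dot-dot component";
        }
        // Rule 3: shell metacharacters and line terminators.
        for (int i = 0; i < input.length(); i++) {
            if (FORBIDDEN_CHARS.indexOf(input.charAt(i)) >= 0) {
                return "forbidden character '" + input.charAt(i) + "'";
            }
        }
        // Rule 6: command names that threaten the system.
        if (DANGEROUS_COMMANDS.matcher(input).find()) return "dangerous command";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the first and last should be accepted.
        String[] samples = { "docs/readme.txt", "../../../etc/passwd", "C:boot.ini",
                             "\\\\server\\share", "a;rm -f x", "report.txt" };
        for (String s : samples) {
            String why = reject(s);
            System.out.println(s + " -> " + (why == null ? "accepted" : "rejected: " + why));
        }
    }
}
```

A denylist like this is only as complete as the article's list; an allowlist of permitted characters together with a check of the canonicalised path against the web root is the stronger form.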