
How to plan a “secure” HTML FORM

I use $_POST to read data sent through HTML forms to the server, narrowing down attack exposure. How can I strengthen security, using some kind of token in the form? However, the tokens could be read with a sniffer...

EDIT: I agree the message above is generic... I'll try to give more details!

Ok, a PHP server generates emails containing some data for a sort of user revision; this is accomplished with an HTML email containing HTML forms. When users receive those emails, they edit the data in the forms and send it back to the server, which in turn stores it in the database.

While for other types of user/server interaction login/authentication is required, in this case some particular email clients, like those on mobile phones, do allow reading HTML email messages and processing forms, unfortunately without allowing client authentication (server-side login) prior to processing the form.

What happens on the server side when forms are received? Well, $_POST is used, removing the potential GET weakness; however, using $_POST will not prevent other kinds of attacks, because a sniffer can easily "read" the data being sent.

Data on the server side is parsed and stripped accordingly, removing unsafe JavaScript and quoted text to prevent injections and other sorts of attacks.

That's why I was looking for a sort of token/nonce technique. However, I thought that tokens are sniffable within the form... and that's where my help request starts!

Here are a few things you should look into.

You are probably referring to CSRF (Cross-Site Request Forgery). Chris Shiflett wrote an article about it which explains the concept.

Ok, I have discovered that WordPress offers its own API for nonces. What I do now is add an input field in the form containing the nonce; when the user sends the form to the server, the nonce is validated.

There's a small chance an attacker could gain access using the nonce contained in the form, ONLY during the lapse of time between nonce issue and verification. Quite difficult though: the attacker would have to sniff the data, grab the nonce and use it immediately to load "something" into the database... What could be loaded, assuming content is being stripslashed and de-JavaScripted?

Moreover, as WP nonces are created using constants:

    wp_create_nonce('my-nonce');

this will require some additional work to use variably generated nonces, so that it will be more difficult for the attacker to track the pattern used to generate the nonce...

What do you think?
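The question asks for a token scheme for forms that are emailed out and posted back without a login session, and the follow-up post worries about a constant action name and about the window in which a sniffed nonce could be replayed. A `wp_create_nonce('my-nonce')` value is tied to the action string, the current user and a time window of several hours; it is not consumed on use, so the same value is accepted again until the window closes. The code below is an added example (not code from the question and not the WordPress API) of a token that is generated from the CSPRNG rather than a constant, bound by HMAC to one record and one recipient, expires, and is burned on first use so a replayed copy of the same form is rejected. All names (`revision_token_*`, `REVISION_*`) are hypothetical, the secret is a placeholder, and the in-memory `$store` stands in for a database table. A token like this limits what a captured copy is worth (one use, one record, one deadline); keeping the form contents themselves from being read in transit is still the job of TLS on the POST endpoint.

```php
<?php
declare(strict_types=1);

// Added example, not code from the question or from WordPress. It issues a
// per-record, single-use, expiring token for an emailed HTML form and checks
// it when the form is POSTed back. All names (revision_token_*, REVISION_*)
// are hypothetical, and the in-memory $store stands in for a database table.

const REVISION_SECRET = 'replace-with-a-long-random-secret'; // placeholder; load from config in real use
const REVISION_TTL    = 7 * 24 * 3600;                       // the user gets a week to return the form

/** Build the MAC that binds the nonce to one record, one recipient and one expiry. */
function revision_token_mac(string $nonce, int $recordId, string $recipient, int $expires): string
{
    return hash_hmac('sha256', "$nonce|$recordId|$recipient|$expires", REVISION_SECRET);
}

/**
 * Issue a token for one revision record sent to one recipient.
 * Returns the token to embed in the form plus the row to persist; the persisted
 * row is what makes the token single-use and lets the server revoke it early.
 */
function revision_token_issue(int $recordId, string $recipient, int $now): array
{
    $nonce   = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG, not a constant action name
    $expires = $now + REVISION_TTL;
    $token   = $nonce . '.' . $expires . '.' . revision_token_mac($nonce, $recordId, $recipient, $expires);
    $row     = ['record_id' => $recordId, 'recipient' => $recipient, 'expires' => $expires, 'used' => false];
    return ['token' => $token, 'nonce' => $nonce, 'row' => $row];
}

/**
 * Verify a posted token for the record the form claims to edit, then burn it.
 * $store is keyed by nonce. Returns true exactly once per issued token.
 */
function revision_token_verify(string $token, int $recordId, array &$store, int $now): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    [$nonce, $expires, $mac] = $parts;
    if (!ctype_digit($expires) || !isset($store[$nonce])) {
        return false;
    }
    $row = $store[$nonce];
    // Recompute from the stored binding and compare in constant time.
    $expected = revision_token_mac($nonce, $row['record_id'], $row['recipient'], (int) $expires);
    if (!hash_equals($expected, $mac)) {
        return false;
    }
    if ($row['used'] || $row['record_id'] !== $recordId || (int) $expires !== $row['expires'] || $now > $row['expires']) {
        return false;
    }
    $store[$nonce]['used'] = true;   // a replayed copy of the same form is rejected from here on
    return true;
}

// --- Demo with a constructed in-memory store and a simulated POST ---
$store  = [];
$now    = time();
$issued = revision_token_issue(42, 'reviewer@example.com', $now);
$store[$issued['nonce']] = $issued['row'];

// Hidden field that goes into the emailed HTML form next to the editable data.
$hiddenField = '<input type="hidden" name="revision_token" value="'
    . htmlspecialchars($issued['token'], ENT_QUOTES, 'UTF-8') . '">';
echo $hiddenField, PHP_EOL;

// What the server sees when the form comes back (constructed stand-in for $_POST).
$posted = ['record_id' => '42', 'revision_token' => $issued['token'], 'notes' => 'edited text'];

$first  = revision_token_verify($posted['revision_token'], (int) $posted['record_id'], $store, $now + 60);
$replay = revision_token_verify($posted['revision_token'], (int) $posted['record_id'], $store, $now + 120);
$other  = revision_token_verify($posted['revision_token'], 43, $store, $now + 180);

echo 'first submission accepted: ', var_export($first, true), PHP_EOL;
echo 'replayed submission accepted: ', var_export($replay, true), PHP_EOL;
echo 'same token against another record: ', var_export($other, true), PHP_EOL;
```

The record id the form claims to edit is checked against the id the token was issued for, so a token captured from one reviewer's email cannot be pointed at a different record, and the `used` flag is flipped inside the verifier before the submitted data is stored, so the first submission that reaches the server wins and every later copy of the same form, sniffed or resent, fails the check. Storing the row server-side also means a token can be revoked (delete the row) without changing the secret.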
