Re: Auditing Code (security wise)

Posted by Vaughan on 1197145192
Just done a quick audit myself.

Well, I say quick, but it actually took me well over 2 hrs to complete, and that was only a very basic audit looking for 1 particular issue.

Issue I have dealt with today is to make sure that header redirects 'header() & redirect_header' are all exited properly with exit();

Not an issue for browsers etc., but if the pages were to be viewed via, say, telnet, then it could become an issue, as telnet does not understand header functions, so essentially the header redirect is ignored and the rest of the page will be continued on. Exiting the script with exit(); after each redirect will prevent that from happening. It protects from those systems like telnet that don't understand the header redirect function.

Nothing tedious, just a simple check.

I'll continue with this as I go along. Obviously the more complex coding and vulnerabilities will be beyond my knowledge, but for those that I know about, I'll fix as I go.

This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=618&post_id=5562
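
The manual check described in the post above (every `header()` Location redirect and `redirect_header` call followed by `exit`) can be run as a text scan over PHP source. This Python sketch is an added example, not part of the original post or the project's code; the function names and the sample PHP are constructed for illustration, and the scan is a heuristic, not a PHP parser.

```python
import re

# Heuristic text scan, not a PHP parser: flags header("Location: ...") and
# redirect_header(...) calls whose next statement is not exit/die.
REDIRECT = re.compile(r"""\b(?:header\s*\(\s*['"]\s*Location\s*:|redirect_header\s*\()""", re.I)
SKIP = re.compile(r"(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.S)
TERMINATOR = re.compile(r"(?:exit|die)\b", re.I)

def statement_end(src, start):
    """Index just past the ';' that closes the call starting at `start`."""
    depth, quote, i = 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1  # skip the escaped character inside a string literal
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "()":
            depth += 1 if ch == "(" else -1
        elif ch == ";" and depth == 0:
            return i + 1
        i += 1
    return len(src)

def find_unexited_redirects(src):
    """Return [(line_number, call_text)] for redirects not followed by exit/die."""
    findings = []
    for m in REDIRECT.finditer(src):
        end = statement_end(src, m.start())
        nxt = SKIP.match(src, end).end()  # skip whitespace and comments
        if not TERMINATOR.match(src, nxt):
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, " ".join(src[m.start():end].split())))
    return findings

# Constructed sample input (not taken from any real code base).
SAMPLE = '''<?php
if (!$allowed) { header("Location: login.php"); }
redirect_header("index.php", 3, "Bad token"); // handled below
exit();
echo $admin_panel;
'''

if __name__ == "__main__":
    for line, call in find_unexited_redirects(SAMPLE):
        print(f"line {line}: {call} is not followed by exit")
```

A redirect whose `exit` sits outside the enclosing block is still reported, so each finding needs a manual look before it is changed.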