Nice reading, very exhausting though.
Thanks for those, Dave & Dave.
With regards to the conversation I had with Dave last night, it is apparent that the exit(); after redirect_header() is not required, as the redirect_header function is already terminated with exit(); in the function itself. I'll remove the extra exit(); in a bit for consistency.
My next task that I will look at is the MySQL query statements, in particular making sure that all values in the SQL query itself are quoted '' regardless of datatype; this includes alphanumeric values as well as integer values. This will help decrease SQLi attacks.
For example:
$uid = $_GET['uid'];
$pass = $_GET['pass'];
mysql_query("SELECT * FROM table WHERE uid=$uid AND pass='$pass'");
is very vulnerable (I am not ignoring sanitation here; the above is just an example of why quotes are necessary).
In the above, if a user provides a value of "1 OR 1=2", the query then becomes:
SELECT * FROM table WHERE uid=1 OR 1=2 AND pass=''
which means that an attacker could then retrieve an arbitrary row from the DB, bypassing the password itself.
I think it may be a good idea for me to keep using this thread to write down my intentions and explain the reasoning, plus if anyone else would like to offer suggestions, it's a good place to keep this discussion in one place.
This Post was from: https://www.impresscms.org/iforum/viewtopic.php?topic_id=618&post_id=5676
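An added example (not part of the original post and not ImpressCMS code) that runs the post's unquoted query next to a fully quoted one and a prepared statement, to show which of them still enforce the password check for the uid value quoted in the post. It assumes PHP with the PDO SQLite driver in place of the mysql_* functions; the `users` table, its rows and the function names are hypothetical.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for the post's mysql_* calls;
// the `users` table and its rows are constructed for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (uid INTEGER PRIMARY KEY, pass TEXT)");
$db->exec("INSERT INTO users (uid, pass) VALUES (1, 'secret-one'), (2, 'secret-two')");

// The post's pattern: the integer value is left unquoted, so whatever arrives
// in uid is parsed as SQL rather than as a value.
function unquoted(PDO $db, string $uid, string $pass): array {
    $sql = "SELECT uid FROM users WHERE uid=$uid AND pass='$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Every value quoted regardless of datatype. PDO::quote() adds the surrounding
// quotes and escapes embedded ones, so the input stays a single string literal.
function quoted(PDO $db, string $uid, string $pass): array {
    $sql = "SELECT uid FROM users WHERE uid=" . $db->quote($uid)
         . " AND pass=" . $db->quote($pass);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement: the values are bound separately from the SQL text.
function prepared(PDO $db, string $uid, string $pass): array {
    $stmt = $db->prepare("SELECT uid FROM users WHERE uid = ? AND pass = ?");
    $stmt->execute([$uid, $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs as they would arrive in $_GET.
$cases = [
    'valid login'       => ['1', 'secret-one'],
    'uid from the post' => ['1 OR 1=2', ''],
];

foreach ($cases as $label => [$uid, $pass]) {
    foreach (['unquoted', 'quoted', 'prepared'] as $variant) {
        $rows = $variant($db, $uid, $pass);
        printf("%-18s %-9s rows=%d\n", $label, $variant, count($rows));
    }
}
```

For the uid value from the post, only the unquoted variant returns a row; the quoted and prepared variants compare the whole input as one value, so the password condition still applies.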