Some common security vulnerabilities and defense methods on PHP websites

This article brings you relevant knowledge about PHP, which mainly introduces some common security vulnerabilities and defense methods about websites. Let’s take a look at them together. I hope it will be helpful to everyone.

1. Common PHP website security vulnerabilities

Regarding PHP vulnerabilities, there are currently five common vulnerabilities. They are Session file vulnerabilities, SQL injection vulnerabilities, script command execution vulnerabilities, global variable vulnerabilities and file vulnerabilities. Here is a brief introduction to each of these vulnerabilities.

1. Session file vulnerability

Session attack is one of the most commonly used attack methods by hackers. When a user visits a website, in order to prevent the customer from entering their account number and password every time they enter a page, PHP sets Session and Cookie to facilitate the user's use and access.

2. SQL injection vulnerability

When developing websites, programmers lack comprehensive judgment on user input data or fail to filter it. Yan causes the server to execute some malicious information, such as user information query, etc. Hackers can obtain corresponding information based on the results returned by malicious programs. This is the SQL injection vulnerability of Yuexingwei.

3. Script execution vulnerability

The common cause of script execution vulnerability is that programmers filter the URL parameters submitted by users when developing websites. Less commonly, user-submitted URLs may contain malicious code leading to cross-site scripting attacks. Script execution vulnerabilities often existed in previous PHP websites, but with the upgrade of PHP versions, these problems have been reduced or no longer exist.

4. Global variable vulnerability

Variables in PHP do not need to be declared in advance when used like other development languages. Variables can be used directly without declaration. The system automatically creates them when used, and there is no need to specify the variable type. The system will automatically determine the variable type based on the context. This method can greatly reduce the probability of programmers making errors in programming and is very convenient to use.

5. File vulnerabilities

File vulnerabilities are usually due to the lack of adequate filtering of externally provided data by website developers when designing websites. This causes hackers to exploit the vulnerabilities to execute corresponding commands on the web process. If you include this piece of code in lsm.php: include($\#\#b.\mathrm{}”/\mathrm{}aaa.\mathrm{}php”.\mathrm{}),\; for\; hackers,\; this\; can\; be\; done\; through\; the\; variable$

2. PHP Preventive measures for common vulnerabilities

1. Prevention of Session vulnerabilities

From the front According to the analysis, the most common type of Session attack is session hijacking, that is, hackers obtain the user's Session ID through various attack methods, and then use the identity of the attacked user to log in to the corresponding website. For this reason, the following methods can be used to prevent it: First, change the Session ID regularly. Changing the Session ID can be achieved by using PHP's own function; second, change the Session name. Normally, the default name of the Session is PHPSESSID. This variable It is generally saved in a cookie. If its name is changed, it can block some attacks by hackers; the third is to close the transparent Session ID. The so-called transparency means that no cookies are used to formulate the HTTP request. When using the Session ID, the Session ID is passed using a link. Turning off the transparent Session ID can be achieved by operating the PHP.ini file; the fourth is to pass hidden parameters through the URL, which ensures that even if a hacker obtains the session data, the related parameters are hidden Yes, it's also difficult to get the Session ID variable value.

2. Prevention of SQL injection vulnerabilities

Hackers have many ways to inject SQL, and they are flexible and changeable, but the commonality of SQL injection is The point is to exploit the input filtering vulnerability. Therefore, in order to fundamentally prevent SQL injection, the fundamental solution is to strengthen the filtering of request commands, especially query request commands. Specifically, it includes the following points: First, the filtering statement is parameterized, that is, user information input is realized through parameterized statements instead of directly embedding user input into the statement. The second is to use as few interpretive programs as possible when developing the website. Hackers often use this method to execute illegal commands; the third is to avoid bugs in the website as much as possible when developing the website, otherwise hackers may use this information to attack the website; just It is not enough to defend against SQL injection. In addition, professional vulnerability scanning tools must be frequently used to scan the website for vulnerabilities.

3. Prevention of script execution vulnerabilities

The means by which hackers use script execution vulnerabilities to attack are diverse and flexible Changeable, in this regard, a combination of multiple prevention methods must be used to effectively prevent hackers from attacking script execution vulnerabilities. There are the following four methods commonly used here. One is to pre-set the path of the executable file. This can be achieved through safe_moade_exec_dir; the second is to process the command parameters, usually using the escapeshellarg function; the third is to use the system's own function library to replace external commands; the fourth is to reduce the use of external commands during operation.

4. Prevent global variable vulnerabilities

Regarding the vulnerability of PHP global variables, previous PHP versions had such problems, but now After the PHP version is upgraded to 5.5, this can be achieved by setting php.ini and setting ruquest_order to GPC. In addition, in the php.ini configuration file, you can set a Boolean value for Magic_quotes_runtime to add backslashes to overflow characters in externally quoted data. In order to ensure that the website program can run in any setting state of the server. You can use get_magic_quotes_runtime to detect the setting status at the beginning of the entire program to decide whether to handle it manually, or use set_magic_quotes_runtime(0) to turn it off at the beginning (or when automatic escaping is not needed).

5. Prevention of file vulnerabilities

For PHP file leaks, you can achieve the purpose of prevention by setting and configuring the server. The specific operations here are as follows: first, turn off the error prompts in the PHP code, so as to prevent hackers from obtaining database information and web page file physical paths through error prompts; second, carefully set open_basedir, which means prohibiting file operations outside the directory. Processing; This can protect local files or remote files to prevent them from being attacked. Here we also need to pay attention to preventing attacks on Session files and uploaded files; third, set safe-made to on to prevent the commands to be executed. Standardize and prohibit file uploads, which can effectively improve the security factor of PHP websites.

Recommended learning: "PHP Video Tutorial"

The above is the detailed content of Some common security vulnerabilities and defense methods on PHP websites. For more information, please follow other related articles on the PHP Chinese website!