Topic awaiting preservation: find the security flaw.... |
|
---|---|
Author | Thread |
Paranoid (IV) Inmate From: [s]underwater[/s] under-snow in Juneau |
posted 02-21-2004 22:38
I'm making a remote authentication script that runs a PHP ldap look-up on my server. No one outside our network has access to the ldap server, so I'm making this application available to others by having them use clientside includes(hidden iframe/ilayer). |
Maniac (V) Mad Scientist From: Rochester, New York, USA |
posted 02-22-2004 02:47
Other than that I can simply look at the code and get the hidden form value, and from that create my own GET or even spoof a POST query? or the fact that web pages are cached to the harddisk, so any user could potentially see the result page with the included hidden form field? |
Paranoid (IV) Inmate From: [s]underwater[/s] under-snow in Juneau |
posted 02-22-2004 04:20
Thanks for the response.... |
Maniac (V) Mad Scientist From: Rochester, New York, USA |
posted 02-22-2004 07:54
Real security is hard for something like a website. |
Paranoid (IV) Mad Scientist with Finglongers From: Germany |
posted 02-22-2004 10:31
authentication the user via setting 'a hidden form element that isn't in the source'/cookies/whatever is not secure. All I need is a half way decent http sniffer, and voila. |
Paranoid (IV) Inmate From: [s]underwater[/s] under-snow in Juneau |
posted 02-23-2004 03:03
The advice is much appreciated. The problem here stems from the fact that our LDAP sever will not accept connections from outside our local network. |
Paranoid (IV) Mad Scientist with Finglongers From: Germany |
posted 02-23-2004 11:49
five things tyberius never wants to have to do: |
Paranoid (IV) Inmate From: Den Haag, Netherlands |
posted 03-03-2004 17:34
An interesting little alternative would be to write a pseudo_browser object in php to run server_side and do your authentication query as though it was a browser ... passing the login details in and getting the authentication back before the page is rendered ... I use that method to access read-only (public-domain) documents from within our document repository (password protected). You can even handle cookies, keeping them in an array between accesses if you like .. stops them being written to the users PC in the event of the sort of access I described above .... |