Secure all pages using globals or header


CHAMAVELI

Is it possible to secure all pages by inserting the codes into globals.php or header.php? If it is, could someone please give me the codes to secure the Mccodes V2 game? I'm new to PHP and this is a project to help me learn, so I need you to explain it as though I was an idiot.

Thanks.


Re: Secure all pages using globals or header

What it was saying is that the Mccodes game is insecure, so we have to secure it from hackers so they can't abuse the crystal market or whatever. I was asking if there is a code that I can insert into the header that will secure all the pages instead of me modifying every page that needs to be secure.


Re: Secure all pages using globals or header

I think my previous statement applies to your second statement.

 

If you want to secure a crystal market, go into the crystal market file and find/fix any security holes that exist there.

I could see something like

if (isset($_GET['ID'])) { $_GET['ID'] = abs((int)$_GET['ID']); }

 

BUT BUT BUT

you have to add one in for POST too

BUT BUT BUT

what if another file uses Id?

then you have to add those in as well,

or id, or iD

you'd have to do post get for both of those, and if you use any of my code, I use REQUEST, so you might as well do GET, POST and REQUEST for all of those

 

BUT BUT BUT

what if somewhere you use ID to pass something that has letters in it?

then your code is broke because you applied an overreaching "fix" that wasn't really a fix.

It's bad technique, it doesn't work 100%, you will feel safe, but there will be unique security holes on each page.

If you just patch over ID, you'll be missing a lot....

You really should --- not be lazy --- and do the hard work of digging into any file you think might have security holes.

 

In closing, I'll leave you with a simple statement that sums up what will happen with your approach:

 

FALSE SENSE OF SECURITY
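
As an added example (not part of the thread and not MCCodes code), this PHP sketch shows the gaps the post above lists in a header-wide cast, next to a check written for one page's own inputs. The helper `page_input`, its rule names and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Constructed request data (not from a real game): the same value arrives under
// differently-cased keys, and one parameter legitimately contains letters.
$_GET     = ['ID' => '12abc', 'id' => '12abc', 'code' => 'A7x'];
$_REQUEST = $_GET; // PHP builds $_REQUEST as its own copy when the request starts

// The header-wide cast from the post: it touches one key in one array only.
if (isset($_GET['ID'])) {
    $_GET['ID'] = abs((int)$_GET['ID']);
}
// $_GET['id'] and $_REQUEST['ID'] still hold the raw string, and the cast
// quietly turned a malformed value into a number instead of rejecting it.

// Hypothetical per-page helper: the page states which inputs it expects and
// what each must look like; anything else is refused rather than "repaired".
function page_input(array $source, array $rules): array
{
    $clean = [];
    foreach ($rules as $key => $rule) {
        $raw = $source[$key] ?? null;
        if (!is_string($raw)) {
            throw new InvalidArgumentException("missing or non-string input: $key");
        }
        if ($rule === 'positive_int') {
            $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            $ok = ($value !== false);
        } else { // 'code': short alphanumeric token, letters allowed
            $value = $raw;
            $ok = preg_match('/\A[A-Za-z0-9]{1,16}\z/', $raw) === 1;
        }
        if (!$ok) {
            throw new InvalidArgumentException("invalid input: $key");
        }
        $clean[$key] = $value;
    }
    return $clean;
}

// A page that expects a numeric ID and an alphanumeric code, tried with a
// well-formed query and a malformed one (both constructed).
foreach ([['ID' => '12', 'code' => 'A7x'], ['ID' => '12abc', 'code' => 'A7x']] as $query) {
    try {
        $in = page_input($query, ['ID' => 'positive_int', 'code' => 'code']);
        echo 'accepted: ' . json_encode($in) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . PHP_EOL;
    }
}
```

Each page would call the helper with its own rule list and the one source array it actually reads, which is the per-file work the post argues cannot be skipped.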


Guest Anonymous

Re: Secure all pages using globals or header

 

FALSE SENSE OF SECURITY

Hence the reason professional developers avoid the use of REQUEST as it "implies" certain constructs to be in place.

Outside of that, I agree with F. here -- There is *no* simple solution - You have to do the work yourself.


Re: Secure all pages using globals or header

No, but judging from version 1, and also going on user input as being a major source of vulnerabilities, we could make a list like:

 

login

registration

any shop or market file

forums

preferences

 

Those would probably be the ones I'd have a high priority on hitting.

Most of them would have POST, GET, or REQUEST vars that are different from any file, and would need to be looked at closely.

 

Good luck ;)


Re: Secure all pages using globals or header

Yes and no. For the sample site, I have an "express login" that allows anyone to log in to the default account. That allows folks that don't care to go through the registration process to check it out. There's quite a few things in the admin panel that are "disallowed" on the sample site as well, not the least of which is the ability to hook new staff modules into the game.
