I am currently working with FileMaker and their PHP API, and I have to search, insert and update database entries from a website.
I just have a quick question really. Are there any specific security issues I should be concerned about whilst working with the FileMaker database? I don't believe it uses SQL as a backend language, so there would be no SQL injections and things like that.
Obviously I sanitize all data for HTML and any arbitrary code, but is there anything I should be wary of, like SQL injection but for FileMaker?
All answers would be welcome.
FileMaker PHP API uses FileMaker Server's XML backend, which only accepts GET and POST requests in known format. I don't think there's a way to send something malicious.
There could be a way to bypass your PHP layer and access the XML backend directly. If this is a problem, it should be solved on both PHP and FileMaker levels. E.g. one way is to create a special account for web access and only give the password to the PHP app. (This implies you don't need personalized web access or have a special scenario for it.) If this doesn't work, there's a number of other options: one can restrict access to layouts and fields, mark layouts as read-only, or use FileMaker scripts to do custom checking and completely hide what is going on.
Related
I am a newbie to web applications. I just understood what an API is and why it is used by reading some online blog. But I was wondering why to use an API to fetch data (or insert data) when you can directly fetch data from the database using PHP and MySQL. (I am sorry if this question sounds stupid.) An answer with an example would be great. Thanks
APIs are used to make communications more secure. With an API you can add encryption, different users and roles and a lot more. With MySQL you cannot do that on the same level.
Furthermore, MySQL is a service, and if you work directly with it, it has to be open on a port. Here you cannot add protection as well as you can on a web server.
An API can also add some logic. Maybe you want to control the input given by a request to it. Or maybe you want to have some additional calculations going on, before you make any INSERT or UPDATE to the database. This can help you to have your database clean.
If the system where the database and the API are located decides to change the database from, let's say, MySQL to PostgreSQL or anything else, every service connecting to it will have to change its code to make it work with the new environment.
So, an API can be more secure and has some standard everyone can rely on, even if the APIs background changes.
I'm currently building out an application that stores user data in a database. Part of the specifications of the application dictates that the user should be able to access their data from anywhere, this includes phone based apps that I'm planning to write with HTML5 and port using one of the various HTML to app converters.
My issue here is that since the data needs to be accessed from several devices, I'll need some sort of central database to store the information. I have no problem writing code to query the database, but the issue of how to handle it on the phone side is giving me a little trouble.
I've read before that it's unwise to embed the database login credentials in each app, and this makes sense. However, then I'm not sure how I would need to go about adding the ability to connect to the databases.
I'm thinking about adding in some sort of database connection layer to my application. I'm thinking of having some sort of key added to the app itself, which is required by the database to connect. That way, the login credentials are only stored in one place, and on my server.
There are still some concerns with this approach in my mind.
Is this going to be a large performance issue; having to connect first to a script before querying the database and then having it perform some sort of check to send the data back to the user?
Is this really necessary and any more secure? How bad of an idea is it to directly code the database login into the app itself, and how much risk of any potential problems does this actually mitigate?
When it comes down to it, I don't have much experience with this type of application, and I'm wondering if my idea is good enough to work, or if there are any other ways that are clearly better that I should look into.
I was curious to know if it was acceptable to allow web developers to use PHP when building a service for my site. If this was streamlined and excessively secure, would it be safe to do so?
Here's an example:
Someone's building a web application and requires access to the site's users (stored in a MySQL database table). How will he get MySQL table results? Well, he can use PHP (or AJAX) to obtain the variable. If you set him up with some streamlined classes with excessively over-secured classes, he should be able to get these variables without a hassle.
Now, what I want to know is, is it secure to give a rando on the internet PHP abilities to use on my site. I don't know this person, nor will I ever actually meet them, but they need to create content for my website and I want to ensure that there will be no security risk doing so.
Thanks in advance.
Allowing 3rd party access to your site is NOT advisable in native code - Not to write files, and not to the DB. This is a security risk, and ill advised.
The best solution to something like this is to write an API for the site:
For example, they need access to the users list, so write a read-only (key-locked) API that gives a list of users and is searchable.
Locking with a key means you can limit calls, log who called what, and how much, and also revoke access.
E.g. they would call
yoursite/api/getusers?name=john&key=mykey
and get a list with all Johns etc.
This way your DB remains secure, and no outside code can run on your site/server.
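The key-locked, read-only endpoint this answer describes, as an added example that is not part of the original answer. The key store, quota values, table layout and the `getUsers` function are assumptions, and an in-memory SQLite database stands in for the site's MySQL table.

```php
<?php
// Constructed key store: SHA-256 of each issued key => owner, revoked flag, quota per window.
function keyStore(): array {
    return [
        hash('sha256', 'demo-key-a') => ['owner' => 'partner-a', 'revoked' => false, 'quota' => 2],
        hash('sha256', 'demo-key-b') => ['owner' => 'partner-b', 'revoked' => true, 'quota' => 100],
    ];
}

// Handles yoursite/api/getusers. Returns [HTTP status, body]; $calls and $audit
// stand in for a real rate-limit counter and access log.
function getUsers(PDO $db, array $query, array &$calls, array &$audit): array {
    $key = is_string($query['key'] ?? null) ? $query['key'] : '';
    $entry = keyStore()[hash('sha256', $key)] ?? null;
    $owner = $entry['owner'] ?? 'unknown';
    if ($entry === null || $entry['revoked']) {
        $audit[] = "$owner 401";
        return [401, ['error' => 'invalid or revoked key']];
    }
    $calls[$owner] = ($calls[$owner] ?? 0) + 1;
    if ($calls[$owner] > $entry['quota']) {
        $audit[] = "$owner 429";
        return [429, ['error' => 'quota exceeded']];
    }
    $name = is_string($query['name'] ?? null) ? $query['name'] : '';
    // Read-only, fixed column list (password_hash is never selected), bound parameter.
    $stmt = $db->prepare('SELECT id, first_name, last_name FROM users WHERE first_name = ?');
    $stmt->execute([$name]);
    $audit[] = "$owner 200 name=" . rawurlencode($name);
    return [200, $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Constructed data and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, password_hash TEXT)');
$db->exec("INSERT INTO users VALUES (1,'john','smith','x'), (2,'john','doe','y'), (3,'mary','jones','z')");
$calls = []; $audit = [];
$requests = [
    ['name' => 'john', 'key' => 'demo-key-a'],   // valid key, first call
    ['name' => 'mary', 'key' => 'demo-key-b'],   // key that has been revoked
    ['name' => 'mary', 'key' => 'demo-key-a'],   // valid key, second call
    ['name' => 'john', 'key' => 'demo-key-a'],   // valid key, third call against a quota of 2
];
foreach ($requests as $q) {
    [$status, $body] = getUsers($db, $q, $calls, $audit);
    echo $status, ' ', json_encode($body), PHP_EOL;
}
echo implode(PHP_EOL, $audit), PHP_EOL;
```

The URL in the answer carries the key as a query parameter; the same check works with the key sent in a request header, which keeps it out of web server access logs and browser history.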
I'm looking for a way to read/write a MySQL database on a server from an iOS app.
There are a lot of answers that suggest to make a php script on the server and echo the response as JSON.
My question is: is it safe to do this?
I think that everyone with a firewall can see where my app points and run the script by himself so he can read all my data, can't he?
As a basic principle, yes using a php script to provide a RESTful interface is a good idea.
Yes, people will be able to see the URL you point to, so you need to consider safety properly. Using SSL is a start, sending the data through POST, and perhaps including some sort of authentication to try and keep the number of unwanted connections down; I'm sure there are other options here as well. You can also consider using some sort of encryption, though that's a little outside my area of expertise.
On top of that you should ALWAYS ensure that your inputs are sanitised; use the PHP script to ensure that only the queries you want to run on the DB are run. Send the type of request & parameters to the PHP script, let it sanitise the inputs and build the query itself.
Create a server-side script like an API (using any scripting/server-side language) that returns exactly what your app needs. Thus you don't allow the client to dump everything, and make sure your query params are sanitized (better to use some ORM mapping framework instead of concatenating the query string).
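One way to have the script build the query itself, as the two answers above recommend (an added example, not code from the original posts). The action names, the `notes` table and the `handle` function are assumptions; the client only names an action and supplies values, and every statement is fixed on the server with bound parameters.

```php
<?php
// Hypothetical action table: the client names an action, only the server holds SQL.
// 'params' maps each accepted field to its maximum length in bytes.
const ACTIONS = [
    'list_notes' => ['sql' => 'SELECT id, body FROM notes WHERE owner_id = :uid ORDER BY id',
                     'params' => []],
    'add_note'   => ['sql' => 'INSERT INTO notes (owner_id, body) VALUES (:uid, :body)',
                     'params' => ['body' => 200]],
];

// $uid comes from the authenticated session (assumed), never from the request body.
function handle(PDO $db, int $uid, array $req): array {
    $action = $req['action'] ?? null;
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return [400, ['error' => 'unknown action']];
    }
    $bind = [':uid' => $uid];
    foreach (ACTIONS[$action]['params'] as $field => $maxLen) {
        $value = $req[$field] ?? null;
        if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
            return [400, ['error' => "bad parameter: $field"]];
        }
        $bind[":$field"] = $value;   // bound as data, never concatenated into SQL
    }
    $stmt = $db->prepare(ACTIONS[$action]['sql']);
    $stmt->execute($bind);
    $isSelect = $stmt->columnCount() > 0;
    return [200, $isSelect ? $stmt->fetchAll(PDO::FETCH_ASSOC) : ['affected' => $stmt->rowCount()]];
}

// Constructed database and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$requests = [
    ['action' => 'add_note', 'body' => "it's data, not SQL"],      // quote is stored verbatim
    ['action' => 'list_notes'],
    ['action' => 'run_sql', 'sql' => 'SELECT * FROM notes'],       // client-supplied SQL
    ['action' => 'add_note', 'body' => ['nested' => 'array']],     // wrong type for body
];
foreach ($requests as $req) {
    [$status, $body] = handle($db, 7, $req);
    echo $status, ' ', json_encode($body), PHP_EOL;
}
```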
We are developing a very simple first stage GUI for a company database.
At the moment our time to deliver is rather limited.
So we thought about using a simple SQL stored procedure and retrieve all data.
The data the users are allowed to see is depending on security levels defined in the database and also in our Active Directory.
So after fetching all the data, the GUI displays only what the user has access to view / edit.
My question is if there are any remarkable security issues with this approach? It should also be noted that both the web interface and the database are located in our intranet.
Our backend uses W2K3, IIS, PHP 5, SQL 2005
Any feedback would be greatly appreciated
Jonas
Considering the time to deliver (about 1 month), it should be rather ok.
First thing: since it is in intranet only, your site should be rather secured since outside world cannot be accessing your site.
Secondly, XSS and cross site request forgery should be disabled no matter what.
Next, SQL injection.
With these few things in mind, the application should be basically secured.
Don't put an outward facing web server on your internal network. Seriously. Put it in a DMZ.
As far as your data is concerned, will you be filtering based on user access before or after the data hits the web front end? I'd suggest doing it in the proc.
Also, if you can, I'd suggest putting your DB on a separate box as well, for added security.
It is a sound enough approach. This way the data the user is not allowed to see remains in the database.
"So after fetching all the data, the GUI displays only what the user has access to view / edit."
A frequent mistake when dealing with access control on websites is implementing them for the data fetching scenario but not the data writing scenario. This is often the result of the assumption "the user will only send us editing requests on resources that we told her she could edit". Unfortunately...
As I couldn't spot this in your question's content, I'd just recommend making sure you effectively dealt with access control when building the GUI but also when receiving data modification requests.
If we consider the following scenario:
The user fetches data she has legitimate access to.
The user requests edition of that said data. Let's imagine an edition form is now displayed.
The user submits the form with the changes.
Before leaving her machine, the user intercepts the HTTP request and replaces the identifier of the edited resource by another identifier, to which she shouldn't have access.
Does your model ensure that when receiving the editing request, the access control rules are also applied? From a SQL-like scenario, this would translate to asking whether you're using a request template such as the first one below or the second one below:
1) "UPDATE ... WHERE ID = x"
2) "UPDATE ... WHERE ID = x AND (SELECT ... FROM ... WHERE userID = y)"
If your model is more likely to be the first, then you might have an authorization model issue. Else, it should be okay.
Hope it helps.
sb.
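The two request templates from the answer above, side by side, as an added example that is not from the original answer. The `records` and `record_acl` tables, the user IDs and the function names are assumptions, and SQLite in memory stands in for the SQL Server database.

```php
<?php
// SQLite in memory stands in for the SQL Server tables; all names and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec('CREATE TABLE record_acl (record_id INTEGER, user_id INTEGER, can_edit INTEGER)');
$db->exec("INSERT INTO records VALUES (1, 'alice draft'), (2, 'bob draft')");
$db->exec('INSERT INTO record_acl VALUES (1, 10, 1), (2, 20, 1)');

// Template 1: trusts whatever ID arrives in the request.
function updateUnchecked(PDO $db, int $id, string $body): int {
    $stmt = $db->prepare('UPDATE records SET body = :body WHERE id = :id');
    $stmt->execute([':body' => $body, ':id' => $id]);
    return $stmt->rowCount();
}

// Template 2: the access rule is part of the UPDATE, so it is enforced on every write.
// $userId comes from the authenticated session (assumed), never from the form.
function updateChecked(PDO $db, int $userId, int $id, string $body): int {
    $stmt = $db->prepare(
        'UPDATE records SET body = :body
          WHERE id = :id
            AND EXISTS (SELECT 1 FROM record_acl a
                         WHERE a.record_id = records.id
                           AND a.user_id = :uid AND a.can_edit = 1)'
    );
    $stmt->execute([':body' => $body, ':id' => $id, ':uid' => $userId]);
    return $stmt->rowCount();   // 0 rows: not found or not editable by this user
}

// Reads a record back so the effect of each update is visible.
function body(PDO $db, int $id): string {
    $stmt = $db->prepare('SELECT body FROM records WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

// User 10 may edit record 1 only; the submitted ID has been changed from 1 to 2.
$tamperedId = 2;
printf("checked, own record: %d row(s)\n", updateChecked($db, 10, 1, 'edited by 10'));
printf("checked, tampered:   %d row(s), record 2 = '%s'\n",
    updateChecked($db, 10, $tamperedId, 'edited by 10'), body($db, $tamperedId));
printf("unchecked, tampered: %d row(s), record 2 = '%s'\n",
    updateUnchecked($db, $tamperedId, 'edited by 10'), body($db, $tamperedId));
```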