I've done a bit of web programming (using PHP and MySQL), but nothing too large in scale. I've been thinking about how someone would create a social networking type of site and I've ran into some problems.
How would you safely and securely store passwords in MySQL? What kinds of encryption would you use?
If users were allowed to upload pictures, would it be better to store them in the database or have them uploaded directly to the server?
What open source web applications (such as WordPress) would you recommend I read and study (preferably something simple but well written)?
Anything taught in class or written in books just don't seem to translate well into real production code. They just seem like very basic examples.
Thanks!
Regarding password storage: use one-way salted hashing for security. Here's an article on why.
Store a salted hash. I would personally move away from md5 and using something like sha instead. sha1 + salt will hold out for a while =]
If you store the images as blobs in the db, you'll probably have an easier time in the future backing them up (along w/the db, fetching them, etc). But really, they'll be damn fast on the file system too, but I'd prefer them in the database as I have lots of code that interfaces w/the db and I'm comfortable working in that area. That's up to you.
I'm not sure that wordpress will help you to build a social networking site...but its still good to read other's code. I'd take a look at some books on amazon on architecture just to get your mind thinking large scale. Also, take a look at some design pattern books.
I'd also look into something like the Zend Framework or CakePHP. Cake will probably get you up and running rather fast, but I prefer Zend, as its very powerful and doesn't force you to code a certain style. CakePHP is kinda of like rails for PHP.
You'll also want to get decent at security, both server and client side, watching for stuff like session hijacking, sql injection, xss, brute force attempts, remote includes, uploaded file exploits, etc.
Social sites offer many attack vectors to crackers.
Resources:
http://www.amazon.com/Pro-PHP-Security-Chris-Snyder/dp/1590595084/ref=sr_1_1?
http://www.amazon.com/PHP-Objects-Patterns-Practice-Second/dp/1590599098/ref=sr_1_3?ie=UTF8&s=books&qid=1265662237&sr=1-3ie=UTF8&s=books&qid=1265662204&sr=8-1
http://www.amazon.com/Building-Scalable-Web-Sites-Applications/dp/0596102356/ref=sr_1_1?ie=UTF8&s=books&qid=1265662256&sr=1-1
And your local PHP mailing list / meetup.
For the image storing, I always used to store them on the hard disk, but using a very hard image validation script to make sure the images don't contain malicious code.
I'm also used to apply URL rewriting so users can't find the real path to the images.
Don't you have a strange feeling storing images into databases ? The mysql database can grow very fast, and you will always need a PHP script to show up the images, which means it makes your server slower.
As for the password storage, use salting as the others replied.
Last, for the documentation, I really love to see how Wordpress is structured.
I have spent hours watching it's source code and reading it's documentations. It's just a terribly good example of how to organize any website.
Apply a hash function to the password (such as sha1 or md5). Then add extra "salt" to it by taking like the first 5 characters of md5("social") or something. It's up to you, but this is intended so that if a hacker gains access to your database, he/she won't be able to run your hashed passwords through a rainbow table and get the actual password.
I am running a website that allows users to upload pictures. The pictures are organized in bins (that is, 1,000 pictures per bin) just to keep it organized (and you can only have so many files per folder before you run into problems). The location of the pictures is stored in the database as well as other info (like picture id, file extension, bin location, etc). Another table in the database links the picture ids to a user. Also, the picture's filename once its uploaded is something like
{bin}/{userId}_{pictureId}_{token}_{variant}.{fileExt}
Not sure about web applications, but you should definitely make use of some built-in PHP classes such as the PDO database abstraction layer.
For password storage, I suggest using MD5 with a salt. MD5 is impossible to decrypt, but its possible to crack using rainbow tables. For example: Here is a MD5 lookup site I've coded
I would personally upload them directly to the server, however, you need to make sure only valid image files can be uploaded. Don't want someone uploading a rootshell.
Question 3: I would suggest studying one of the modern Rails-style frameworks (my favorite is Symfony) rather than an app like Wordpress or Gallery. They are both excellent, but they've evolved from simple hacks and aren't necessarily the way I would start anything if I was starting from scratch.
Also, for question 2, I hate binary blobs in databases. Filesystems work great for that.
And question 1: one-way hash, as others have said. Mysql's password() function is probably fine.
All these questions have been answered before.
How would you safely and securely store passwords in MySQL? What kinds of encryption would you use?
See https://stackoverflow.com/search?q=password+hash+database+php
If users were allowed to upload pictures, would it be better to store them in the database or have them uploaded directly to the server?
See https://stackoverflow.com/search?q=store+images+database+php
What open source web applications (such as WordPress) would you recommend I read and study (preferably something simple but well written)?
See https://stackoverflow.com/search?q=social+network+php
You should also take into account that running and managing a social network site is more than just coding it. Are you sure you want to build one from scratch? Consider if you would be equally happy with something like Ning, where everyone can start their own community with no programming whatsoever?
Related
I need to implement a simple (not ultra-secure) but fast file en/decryption using PHP, so files are encrypted on upload and decrypted on download. Files are mainly images (jpg) and videos (mp4), and some videos are up to 30 MB, so my idea is to encrypt only the first X bytes of each file, just to avoid anyone that could have access to the server (ie. support people) to open the files from users.
I am new to this subject and after almost 6 hours researching found only old examples, using deprecated Mcrypt.
Please, can anyone give me tips to start? Is there any native method from PHP that I can use, or maybe an open-source library? Does Mcrypt would be an option, even if deprecated (I am using PHP 5.6). Do you think encrypting only the first X bytes of the file is a good approach in my case?
Thanks!
Here is a PHP encryption library: https://github.com/defuse/php-encryption
I found this just by googling, I can't vouch for it's reliability or security. There are documentation and examples on that page.
However I really would ask you to take a step back and consider what the purpose of this is and what the wider security considerations are. In order to do this successfully then there will need to be some security secret, either a key or a password, that will need to be kept hidden from the people that you don't want to be able to decipher the data. I can imagine that would be difficult if those people are the support staff. If you made the password the users login password you are setting yourself up for widespread data loss when a user forgets their password. Also at some point it will need to be unencrypted and you will need to think about making sure that is not leaked at this point. And then you need to think about who has access to the source code that handles the file access, and the key/password code. What about server logs and caches? Etc etc
Furthermore if you are only encrypting the first X number of bytes and don't need to make it 'ultra-secure' then I wonder why you are attempting to do it this way at all? I'm not sure what problem it is you are trying to solve.
Given that doing encryption properly is not simple (not to mention costly in terms of computing resources), but if you don't do it properly it isn't much good then I can't help suspect you will probably be much better off spending the effort making sure that untrusted persons only access information on a need-to-know basis and all access is logged in order to keep people honest.
I am building a small application for a real estate company which needs to store sensitive information such as bank statements, tax returns, etc. Right now i have the upload form as just a standard html upload form using php $_FILES to move the file to the desired folder. This works fine but there is no level of security to protect this sensitive information. I have two questions?
First, what is best practice (as of 2017) for storing sensitive documents like bank statements, tax returns, etc? I have tried to search for best practices online but everything im finding is 5-10 years old information or deprecated php functions. Is there specific php function I should be using/researching?
Second, are there any tutorials or books available that would help me understand secure file storage, file encryption, etc., in php?
My ultimate goal is just to make sure these files are secure and don't fall into the wrong hands. My question is specific to file uploads. I do understand that the rest of my site has to be secure as well. My question is simply about protecting files.
Thanks for any help or guidance.
First, what is best practice (as of 2017) for storing sensitive documents like bank statements, tax returns, etc?
The literal answer to this is simply to keep them ENTIRELY OFFINE (on a remote hard disk, if needing to keep them digital at all) and store them in a good quality safe with only one -or maximum two- verifiable keyholder(s).
Read https://security.stackexchange.com
Read https://crypto.stackexchange.com
Read, download and use the Defuse PHP Encryption Library. My reading up on the same topic last year persistently showed this library (and all of Defuses stuff) was very high if not market leading in this arena. This encryption library can en/decrypt files.
Also research Halite. Which is a High-level cryptography interface powered by libsodium, which can encrypt and decrypt files.
Also please read my answer here for MySQL best practise for securing data storage (string or blobs etc.).
If using a database it is paramount that the database and the file server are different servers (and depending on the value of your data they should be in very different physical locations), and the database contains an encrypted key needed for the fileserver decryption, so that if when one server is compromised, the data is still secured.
Use your own server(s). Don't use the "cloud". (To have proper online data security is not really cheap)
I am working on an Android app that deals with some slightly sensitive information (Names, Usernames, Passwords, Badge number, etc)... As far as code work goes, I know how to connect to a MySQL database with PHP and pull information from it via JSON. I am just worried about the security of doing this. I know there are plenty of Android and iPhone apps that currently implement login systems, but I was curious as to how secure those logins are.
Does anyone know where I can find some information on creating a secure connection to a database with PHP and MySQL for my login system through an Android app? I know nothing is completely impenetrable, but I want to make sure the security of my app is as tight as possible.
As always, I am still getting used to StackOverflow, so if I was not clear or this question has already been answered, let me know!
If you're rolling your own authentication code, it's really hard to say how secure it is. Often people get this horribly wrong and the code has the opposite effect: Instead of securing the site it exposes several severe holes that can be used to hijack it and download arbitrary data.
A development framework like Laravel comes with an authentication system built-in. If there's vulnerabilities in that code, which is reviewed by the community, there's usually an advisory posted so you'll know and can patch as necessary.
If you follow best practices, you should be fine. JSON via PHP or any other language is a good way to go if you want to keep things simple and secure.
Its really hard to gain 100% , but you can use some techniques like
SSL
Session for each user
something like verification code sent through SMS
Encryption data before sent over API calls etc
It is incredibly insecure to connect to a remote db from an app. Think of it like connecting to a database from javascript in your browser, because it is the same level of security.
As an important aside,
slightly sensitive information (Names, Usernames, Passwords, Badge number, etc).
Passwords are not slightly sensitive, they are critically sensitive. I'm not sure if you are implying that passwords are being stored in a reversible format, but they should be hashed.
Anyway, to your main question, instead of connecting directly to a database from the client-side device, you will want to create an API that provides limited access. You would write this in the form of a web service, using some server-side programming. From there, you'll simply use an API key/roles based on the current logged in user. This is the secure/proper way to design this system. You do not want to put db credentials in an app, unless they are for a local db on the phone.
To extend what Gray said, you can pass the JSON data through the URL that you're shipping to the web service that's providing the front end to your DB. There are a couple of other examples that you can find here to start. As pointed out, it's a really bad idea to have direct DB access. Even with a front end, you'll want to ensure that you're doing lots of data checking in the front end. Don't pass direct SQL queries! They're too easy to hack. SQL injection continues to be one of the most successful attacker techniques.
You might consider a Mobile Backend as a Service provider, like Kii, Kumulos, Kinvey, Kony (not sure why they all start with K...), or built.io. They'll cost you money, but save you headaches.
I'm a relative newbie to PHP and just making my way through the W3Schools tut.
The tut makes a big point of saying you must always filter external data (i.e. cookies, form data etc).
I'm writing a fairly simple system that talks with a third party Joomla extension. It's at a prototype stage where I'm just wanting to demonstrate the functionality in a minimum viable product.
Basically, I'd like to know... what's the worst that could happen in I don't filter content. Are we talking 'I might get a bunch of spam', or 'a good hacker could get root server access'?
Have hunted around online, but would love any of your experience / insight on the matter!
If you don't filter the input data, your site will probably be prone to an SQL injection attack. Check this site. It contains a humorous comic, quite famous too. It depicts the problem of SQL injection quite clearly :).
A good hacker could theoretically get root access.
If you don't filter content that goes into database queries, the database will run whatever was put into the query.
In that case, the hacker might be able to download a database full of usernames and passwords. Which you certainly don't want. Especially if your root passwords are in there because you've used the same password twice. Or they might just delete your database altogether. I've read reports of that happening.
Is it feasible to allow users to login to my web application (php/mysql) using thumb scanner? USB scanners seems available and not too expensive, but has anyone got experience with it? How to make it work with php so users instead of filling in regular username/password fields would actually be able to login by scanning thumb. Are there any opensource/relatively cheap solutions available? So far I found http://www.m2sys.com/ which looks pretty decent but is a bit expensive, considering I would need to provide initially ~400 users with scanners and all that.
This would be quite a bit less secure than what they're normally used for, though it could be useful.
You would have to write a client-side app that could communicate with the scanner, or some way for the scanner to get the fingerprint data and then pass that to the server.
However, this is where you really want (need) to do some security. You don't want to just send someone's fingerprint across the internet - that's like sending a password in plain text. Now anyone who was listening can tell you the fingerprint data and hey! logon!
A "better" way would be to have a client-side app that reads the scan data, performs some type of fingerprint analysis, then encrypt either that data or a hash and then send that information across the net.
It's probably a lot more difficult to do a secure bio-key authentication in this scenario - there are others in which it's a better fit. User/pass pairs are ubiquitous so that everyone is used to them (and 90% of your users probably use the same pair everywhere they go), and security to keep them confidential is fairly robust and relatively simple. That's what I'd stick with - it's easier for you, and easier (more familiar) for your users.