register_globals and query string question

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

MrHamburger
Forum Newbie
Posts: 3
Joined: Thu Apr 20, 2006 2:09 pm

register_globals and query string question

Post by MrHamburger »

If I were to use the following code to keep out unauthenticated users (users must provide login/pass at another page):

<?php
session_start();

// check session variable: only the server-side session store is consulted,
// so a value supplied in the query string cannot satisfy this test
if (isset($_SESSION['log'])) {
    // content of page
    // stuff for logged in user
}
else {
    echo "you must log in to see this page";
}
?>

and register_globals is left on, shouldn't a not-logged-in (ab)user be able to get access to the content of the page by passing "?log=1" (or something thereabouts) in a query string?

Thanks for the help!
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

no.
R4000
Forum Contributor
Posts: 168
Joined: Wed Mar 08, 2006 12:50 pm
Location: Cambridge, United Kingdom

Post by R4000 »

Nope, your script covers for that well :)

if you used:

<?php
session_start();

// check a bare variable: with register_globals on, $log is populated
// straight from the request, so ?log=1 satisfies this test
if (isset($log)) {
    // content of page
    // stuff for logged in user
}
else {
    echo "you must log in to see this page";
}
?>
Then ?log=1 would get around it...
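The difference between the two checks, as an added example that is not code from the thread: register_globals was removed in PHP 5.4, so the script below emulates what the directive did (request parameters becoming ordinary global variables) with a small helper, then runs both tests against a constructed anonymous request that carries ?log=1 and no session data. The function names and the request are assumptions made for the example.

```php
<?php
// Added example; not code from the thread. Emulates register_globals=On for a
// constructed GET request so the bare-variable check and the $_SESSION check
// can be compared on a PHP build where the directive no longer exists.

declare(strict_types=1);

// Constructed anonymous request: query string ?log=1, empty session.
// $_SESSION is filled in directly (no session_start()) so this runs from the CLI.
$_GET     = ['log' => '1'];
$_SESSION = [];

// What register_globals did: every request parameter became a global variable.
// (Real PHP also imported POST and COOKIE data, in the order set by variables_order.)
function emulate_register_globals(array $request): void
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// The check from R4000's post. $GLOBALS['log'] stands in for isset($log) only
// because this code lives inside a function; at file scope they are the same test.
function check_bare_variable(): bool
{
    return isset($GLOBALS['log']);
}

// The check from MrHamburger's post: consults only the server-side session.
function check_session(): bool
{
    return isset($_SESSION['log']);
}

// Defensive guard for legacy hosts: refuse to run at all when the directive is on.
// On builds without the directive ini_get() returns false, which validates as false.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    fwrite(STDERR, "register_globals is enabled; refusing to run\n");
    exit(1);
}

emulate_register_globals($_GET);

printf("Visitor sent ?log=1 with an empty session\n");
printf("  isset(\$log)             -> %s\n",
    check_bare_variable() ? 'true  (access granted: bypassed)' : 'false');
printf("  isset(\$_SESSION['log']) -> %s\n",
    check_session() ? 'true' : 'false (access denied)');
```

Run it with `php example.php`: the bare-variable test reports true and the session test reports false. The same class of bug reappears on modern PHP whenever a script does `extract($_GET)` or `extract($_REQUEST)` before an `isset()` check, which is why the emulation helper above looks so much like code still found in the wild.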
MrHamburger
Forum Newbie
Posts: 3
Joined: Thu Apr 20, 2006 2:09 pm

Post by MrHamburger »

Hmm... thanks. I've been reading the PHP Security Consortium Security Guide (http://phpsec.org/projects/guide/) section about Sessions and am trying to figure out how the design in my original post could be compromised... is there an obvious way to crack it that I don't see?