Comments on: php security interview questions http://www.phpinterviewquestions.com/php-interview-questions/php-security-interview-questions/ Prepare for your next php based interview with high confidence Fri, 23 Sep 2011 11:31:49 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: free tutorials http://www.phpinterviewquestions.com/php-interview-questions/php-security-interview-questions/comment-page-1/#comment-36 free tutorials Thu, 22 Jul 2010 16:16:14 +0000 http://www.phpinterviewquestions.com/?p=327#comment-36 Hey thanks a lot for sharing useful interview questions..... which will be very helpful while attending the interviews..... glad i found ur site...really a very helpful site..... by the way check out my collection of php interview questions from here: <a href="http://webdaggers.blogspot.com/2010/07/php-interview-questions.html" rel="nofollow"> php interview questions </a> Hey thanks a lot for sharing useful interview questions….. which will be very helpful while attending the interviews…..
glad i found ur site…really a very helpful site…..
by the way check out my collection of php interview questions from here: php interview questions

]]> By: Bart http://www.phpinterviewquestions.com/php-interview-questions/php-security-interview-questions/comment-page-1/#comment-34 Bart Wed, 14 Jul 2010 11:05:07 +0000 http://www.phpinterviewquestions.com/?p=327#comment-34 Hi Mishi, Good examples are difficult to produce for everyone, because it often requires a unique situation to make the risk clear. However, the most common example is that found in the PHP manual: [php] <?php if (authenticated_user()){ $authorized = true; } if ($authorized){ include '/highly/sensitive/data.php'; } ?> [/php] With register_globals enabled, this page can be requested with ?authorized=1 in the query string to bypass the intended access control. Of course, this particular vulnerability is the fault of the developer, not register_globals, but this indicates the increased risk posed by the directive. Without it, ordinary global variables (such as $authorized in the example) are not affected by data submitted by the client. A best practice is to initialize all variables and to develop with error_reporting set to E_ALL, so that the use of an uninitialized variable won't be overlooked during development. Hi Mishi,
Good examples are difficult to produce for everyone, because it often requires a unique situation to make the risk clear. However, the most common example is that found in the PHP manual:

<?php
if (authenticated_user()){
  $authorized = true;
}
if ($authorized){
  include '/highly/sensitive/data.php';
}
?>

With register_globals enabled, this page can be requested with ?authorized=1 in the query string to bypass the intended access control. Of course, this particular vulnerability is the fault of the developer, not register_globals, but this indicates the increased risk posed by the directive. Without it, ordinary global variables (such as $authorized in the example) are not affected by data submitted by the client. A best practice is to initialize all variables and to develop with error_reporting set to E_ALL, so that the use of an uninitialized variable won’t be overlooked during development.

]]> By: Mishi http://www.phpinterviewquestions.com/php-interview-questions/php-security-interview-questions/comment-page-1/#comment-33 Mishi Wed, 14 Jul 2010 10:57:22 +0000 http://www.phpinterviewquestions.com/?p=327#comment-33 Why is it a security risk? Why is it a security risk?

]]>