
PHP Server Side Scripting Forum

    
Admin security for a CMS
asantos




msg:1251082
 4:39 pm on Jun 19, 2006 (gmt 0)

Hi. I've developed a CMS. One of its features is that the admin user can add modules in a form. That means there's a big textarea for the user to add some PHP code that will run on the frontend.

But... what can I do if an admin becomes "evil" and adds some kind of malicious code? For example: unlink() or a $sql = 'DROP database...' etc...

Is there a way to stop critical commands like those?

I know that admins should be responsible for their own password, but you never know.

Any ideas? Thanks.

 

eelixduppy




msg:1251083
 5:13 pm on Jun 19, 2006 (gmt 0)

If I were to do something like this, just for absolute security, I wouldn't let these 'admins' (which if they can potentially become 'evil' shouldn't be admins in the first place) just add code, but maybe have them add it to a text file for reviewing by you, and then you can add it to the site. This method should be sufficient since there probably aren't going to be many additions to the system anyway, but if it still presents an issue, then you can use preg_replace [us3.php.net] to take out all of the functions that you do not want an admin to use. Since this function utilizes regular expressions, here's a tutorial [webmasterworld.com]. Good luck ;)

asantos




msg:1251084
 5:35 pm on Jun 19, 2006 (gmt 0)

Thanks, I'll stick to the preg ;)

Romeo




msg:1251085
 10:16 am on Jun 20, 2006 (gmt 0)

... I would not do this: taking code from a public text area and running it.
It is a security risk. You won't find ALL unwanted functions and features -- there are too many of them, and there are too many ways to exploit.

If you scan for "DROP " to prevent a DROP DATABASE, then how about this:
$abc = 'D';
$x = "base";
$abc .= 'R' . "OP";
$y = 'data' . $x;
$sql = $abc . " " . $y;

It is a can of worms.

Kind regards,
R.
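
Romeo's point, as an added example that is not part of the original thread: a preg_replace blacklist catches the statement when it is written out literally but leaves the concatenated snippet from the post above untouched, so the evaluated module still ends up holding the same SQL string. The `strip_blacklisted` and `sql_after_filter` functions and the two patterns are assumptions made for illustration.

```php
<?php
// Added example. The filter and sample inputs are constructed for illustration;
// they are not code from the poster's CMS.

// Hypothetical blacklist filter of the preg_replace kind proposed in the thread.
function strip_blacklisted(string $code): string
{
    $patterns = [
        '/\bunlink\s*\(/i',                // file deletion
        '/\bDROP\s+(DATABASE|TABLE)\b/i',  // destructive SQL keywords
    ];
    return preg_replace($patterns, '/* blocked */', $code);
}

// Run filtered module code as the CMS front end would, then return the $sql it built.
// The samples below only assemble strings; nothing is sent to a database.
function sql_after_filter(string $code): ?string
{
    eval(strip_blacklisted($code));
    return $sql ?? null;
}

// Constructed sample: the statement written out literally.
$literal = '$sql = "DROP database";';

// The snippet from the post above, unchanged.
$concatenated = <<<'PHP'
$abc = 'D';
$x = "base";
$abc .= 'R' . "OP";
$y = 'data' . $x;
$sql = $abc . " " . $y;
PHP;

foreach (['literal' => $literal, 'concatenated' => $concatenated] as $name => $code) {
    // The filter only sees source text; the keyword exists only after execution.
    $untouched = strip_blacklisted($code) === $code;
    printf("%-13s filter %s, \$sql = %s\n",
        $name,
        $untouched ? 'changed nothing' : 'rewrote the code',
        var_export(sql_after_filter($code), true));
}
```

Because the keyword only exists once the code has run, the restriction has to sit where the operation executes, such as a database account without DROP privileges or disable_functions in php.ini, both of which come up in later replies.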

eelixduppy




msg:1251086
 12:17 pm on Jun 20, 2006 (gmt 0)

Good point Romeo. I wonder though, if mysql connections are closed before the 'admin content' is included into a file, they wouldn't have access to the database anyway unless they had their own account, in which case you can limit their privileges (preventing any malicious actions). Or even, have every db connection with an account that has these restrictions so that there is no way any db's or tables will be dropped. I don't know, just a thought ;)

hakre




msg:1251087
 5:06 pm on Jun 20, 2006 (gmt 0)

But... what can i do if an admin becomes "evil" and adds some kind of malicious code? for example: unlink() or a $sql = 'DROP database...' etc...

you can do nothing about that. even preg_replace won't help you, this will just lead to the situation making your code more complex and even more critical. there is no such routine to filter out "bad" commands. your computer just knows commands so it will execute commands. your computer does not judge about whether these commands are good or bad.

since php is a very complex language with a lot of features, there is no such filter on specific executions that one could classify as bad. there is even no way of classification i guess.

for your application i would suggest to use some other language which just has got all the features needed for plugins and nothing more in addition.

--hakre

eelixduppy




msg:1251088
 6:59 pm on Jun 20, 2006 (gmt 0)

Well...depending on how much restriction you want to give the admins, you can disable certain functions in php.ini file, assuming you aren't going to need them anywhere else.


; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions =

asantos




msg:1251089
 7:46 pm on Jun 20, 2006 (gmt 0)

Thank you all for the tips and replies. I think the best way to go around this is to limit the modulo php codification to TOP LEVEL admin users only.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved