
Vulnerability by PHP constant


What the hell is this constant
Constants are just like variables, except that they cannot be redefined or changed once they are defined. Constants are also available from all scopes and cannot be modified, so they are not affected by the register_globals setting.

define() function - it takes two parameters, with the first being the name of the constant to set, and the second being the value to which you wish to set it.
define("CURRENT_TIME", time());

To make a constant case-insensitive, pass true as a third parameter; it is false by default. Case-insensitive constants are deprecated as of PHP 7.3 and can no longer be declared in PHP 8.0.
define("CURRENT_TIME", time(), true);
print Current_TiMe;

To check whether a constant is set, use the defined() function, which is basically the constant equivalent of isset(): it returns true if the constant name string you pass to it has been defined.


Vulnerability in PHP constants
If you try to access an undefined constant, its value will be a string containing the constant name instead of NULL. This is the behaviour of PHP versions before 8.0, which only raise a notice (a warning from 7.2 on); PHP 8.0 throws an Error instead.
if (is_authorized_user()) {
    define('auth', TRUE);
}
if (auth) { // will always be true, either Boolean(TRUE) or String("auth")
    /* display content intended only for authorized users */
}

Don't worry be brave use best approach
Use Type-sensitive comparisons

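$auth = FALSE; // start from a known value so $auth is never undefined
if (is_authorized_user()) {
    $auth = TRUE;
}
if ($auth === TRUE) { // only Boolean(TRUE) passes, a string never does
    /* display content intended only for authorized users */
}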
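
If the flag has to stay a constant, the same type-sensitive idea can be applied without ever reading the constant as a bare word. The following is an added example, not code from the original article; is_authorized_user() is a stub and auth_level is a constructed constant, both assumptions made for the demonstration.

```php
<?php
// Added example. is_authorized_user() is a stub (assumption) that always
// refuses, so the constant 'auth' is never defined in this run.
function is_authorized_user()
{
    return false;
}

if (is_authorized_user()) {
    define('auth', true);
}

// The bare-word check from the article.
function loose_check()
{
    try {
        // PHP < 8.0: undefined auth falls back to the string "auth" (truthy).
        // PHP >= 8.0: reading it throws an Error, caught below.
        return auth ? 'granted' : 'denied';
    } catch (Error $e) {
        return 'refused with Error: ' . $e->getMessage();
    }
}

// Version-independent check: never reads the constant as a bare word.
function strict_check($name)
{
    // defined() guards the lookup, constant() reads by name, and === true
    // rejects any non-boolean value such as the string "auth".
    return (defined($name) && constant($name) === true) ? 'granted' : 'denied';
}

// A constant that exists but holds a truthy string (constructed case).
define('auth_level', 'none');

echo 'PHP ', PHP_VERSION, PHP_EOL;
echo 'loose  auth:       ', loose_check(), PHP_EOL;
echo 'strict auth:       ', strict_check('auth'), PHP_EOL;
echo 'loose  auth_level: ', (auth_level ? 'granted' : 'denied'), PHP_EOL;
echo 'strict auth_level: ', strict_check('auth_level'), PHP_EOL;
```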

Though a constant may be a very basic level of threat, and as a programmer (in any language) you always need to take care of several bigger threats in your code, such as SQL injection, CSRF, session fixation attacks, etc., it is still better to start coding with even this kind of basic detail in mind.


© 2011 PHP Tweak- advance php,javascript,html article, AllRightsReserved.