Specifications

not have permission to write or create new files in directories that can be loaded from the Web
server. If you allow others to write files here, they could write a malicious script and execute it
by loading it through the Web server.
If your scripts need permission to write to files, make a directory outside the Web tree for this
purpose. This is particularly true for file upload scripts. Scripts and the data that they write
should not mix.
When writing sensitive data, you might be tempted to encrypt it first. There is usually little
value in this approach though.
Well, put it this way: if you have a file called creditcardnumbers.txt on your Web server
and a cracker obtains access to your server and can read it, what else can he read? In order to
encrypt and decrypt data, you will need a program to encrypt data, a program to decrypt data,
and one or more key files. If the cracker can read your data, probably nothing is stopping him
from reading your key and other files.
Encrypting data could be valuable on a Web server, but only if the software and key needed to
decrypt the data are not stored on the Web server and exist only on another machine. One way of
securely dealing with sensitive data would be to encrypt it on the server and then transmit it to
another machine, perhaps via email.
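The two points above (keep writable directories outside the Web tree, and only encrypt on the server when the decryption capability lives elsewhere) can be combined in one upload handler. The following is an added example, not code from the book: it writes uploads to a directory outside the document root and seals each file with libsodium's sealed boxes, so the server holds only the recipient's public key and the matching private key exists only on the off-site machine. The directory and key paths, the `document` form field, and PHP 8 with the sodium extension are assumptions.

```php
<?php
// Added example (not from the book): store uploaded sensitive files outside
// the Web tree and seal them with a public key whose private half never lives
// on this server. Paths and the key location are assumptions.
declare(strict_types=1);

// Assumed layout: the Web tree is /var/www/html; the upload store and the
// recipient's public key sit beside it, outside anything the server delivers.
const UPLOAD_DIR      = '/var/www/private/uploads';
const PUBLIC_KEY_FILE = '/var/www/private/keys/recipient.pub';

/**
 * Seal $plaintext for the holder of the private key matching $publicKey.
 * Sealed boxes (sodium_crypto_box_seal, PHP >= 7.2) need only the public key
 * on the sending side, so nothing on this machine can decrypt what it writes.
 */
function sealForOffsiteRecipient(string $plaintext, string $publicKey): string
{
    if (strlen($publicKey) !== SODIUM_CRYPTO_BOX_PUBLICKEYBYTES) {
        throw new RuntimeException('public key has the wrong length');
    }
    return sodium_crypto_box_seal($plaintext, $publicKey);
}

/**
 * Move one $_FILES entry into UPLOAD_DIR as a sealed blob and return the
 * path written. Refuses to write anywhere under the document root.
 */
function storeSealedUpload(array $file, string $publicKey, string $documentRoot): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . ($file['error'] ?? 'none'));
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Scripts and the data they write should not mix: the store must lie
    // outside the Web tree, or an uploaded script could be run by requesting it.
    $store   = realpath(UPLOAD_DIR);
    $docRoot = realpath($documentRoot);
    if ($store === false) {
        throw new RuntimeException('upload directory does not exist');
    }
    if ($docRoot !== false && str_starts_with($store . '/', rtrim($docRoot, '/') . '/')) {
        throw new RuntimeException('upload directory must be outside the Web tree');
    }

    // Never reuse the client's file name; generate our own.
    $target = $store . '/' . bin2hex(random_bytes(16)) . '.sealed';

    $plaintext = file_get_contents($file['tmp_name']);
    if ($plaintext === false) {
        throw new RuntimeException('could not read upload');
    }
    $sealed = sealForOffsiteRecipient($plaintext, $publicKey);
    sodium_memzero($plaintext);

    if (file_put_contents($target, $sealed, LOCK_EX) === false) {
        throw new RuntimeException('could not write sealed file');
    }
    // Readable by the Web server user only; it is ciphertext in any case.
    chmod($target, 0600);
    unlink($file['tmp_name']);
    return $target;
}

// Usage inside the upload handler (field name 'document' is assumed):
// $publicKey = file_get_contents(PUBLIC_KEY_FILE);
// $path = storeSealedUpload($_FILES['document'], $publicKey, $_SERVER['DOCUMENT_ROOT']);
//
// On the separate machine that holds the keypair (never on the Web server):
// $plaintext = sodium_crypto_box_seal_open(file_get_contents($path), $keypair);
```

The sealed files can then be moved off the server by whatever channel is convenient (the text suggests email); a cracker who reads both the upload directory and the public key still has nothing that decrypts them.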
Database data is similar to data files. If you set up MySQL correctly, only MySQL can write to
its data files. This means that we need only worry about accesses from users within MySQL.
We have already discussed MySQL's own permission system, which assigns particular rights to
particular usernames at particular hosts.
One thing that needs special mention is that you will often need to write a MySQL password
in a PHP script. Your PHP scripts are generally publicly loadable. This is not as much of a
disaster as it might seem at first. Unless your Web server configuration is broken, your PHP
source will not be visible from outside.
If your Web server is configured to parse files with the extension .php using the PHP
interpreter, outsiders will not be able to view the uninterpreted source. However, you should be
careful when using other extensions. If you place .inc files in your Web directories, anybody
requesting them will receive the unparsed source. You need to either place include files outside
the Web tree, configure your server not to deliver files with this extension, or use .php as the
extension on these as well.
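The safest of the three options is the first: keep the file holding the MySQL password outside the Web tree entirely, so its extension no longer matters. The following is an added example, not code from the book, showing a credentials file loaded with `require` and a check that it is not sitting under the document root; the `/var/www/private` layout, the `db.php` file name, and PHP 8 are assumptions.

```php
<?php
// Added example (not from the book): keep the MySQL password in a file
// outside the Web tree and pull it in with require. Paths are assumptions.
declare(strict_types=1);

// Assumed layout:
//   /var/www/html/            Web tree (DOCUMENT_ROOT); scripts live here
//   /var/www/private/db.php   credentials, never reachable by URL
//
// Contents of the assumed /var/www/private/db.php (mode 0640, owned by
// root, group set to the Web server's group so only it can read the file):
//
//   <?php
//   return [
//       'host'     => 'localhost',
//       'user'     => 'shopuser',
//       'password' => 'PLACEHOLDER-CHANGE-ME',
//       'database' => 'shop',
//   ];
const CREDENTIALS_FILE = __DIR__ . '/../private/db.php';

/**
 * Load the credentials array, refusing if the file lies inside the Web tree
 * (where a wrong extension or a broken server configuration would expose
 * it as plain text to anybody requesting the URL).
 */
function loadDbCredentials(string $file, string $documentRoot): array
{
    $real = realpath($file);
    if ($real === false) {
        throw new RuntimeException("credentials file not found: $file");
    }
    $root = realpath($documentRoot);
    if ($root !== false && str_starts_with($real, rtrim($root, '/') . '/')) {
        throw new RuntimeException('credentials file must be outside the Web tree');
    }
    $creds = require $real;
    if (!is_array($creds)) {
        throw new RuntimeException('credentials file must return an array');
    }
    foreach (['host', 'user', 'password', 'database'] as $key) {
        if (!isset($creds[$key]) || !is_string($creds[$key])) {
            throw new RuntimeException("credentials file lacks '$key'");
        }
    }
    return $creds;
}

/** Open the connection; mysqli throws on failure instead of echoing the DSN. */
function connectDb(array $c): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    return new mysqli($c['host'], $c['user'], $c['password'], $c['database']);
}

// Usage from a script inside the Web tree:
// $db = connectDb(loadDbCredentials(CREDENTIALS_FILE, $_SERVER['DOCUMENT_ROOT']));
```

If include files must stay inside the Web tree for some reason, the second option from the text applies: on Apache 2.4 a `<FilesMatch "\.inc$">` block containing `Require all denied` stops the server from delivering them, and renaming them to .php (the third option) makes the interpreter run them rather than print them.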
If you are sharing a Web server with others, your MySQL password might be visible to other
users on the same machine who can also run scripts via the same Web server. Depending on
how your system is set up, this might be unavoidable. Where it can be avoided, the remedy is to have
the Web server set up to run scripts as individual users, or to have each user run her own instance of
Chapter 15: Implementing Secure Transactions with PHP and MySQL (page 337)