Home » Imported messages » comp.lang.php » Check if $_GET contains something other than what's allowed
Check if $_GET contains something other than what's allowed [message #183820] Thu, 21 November 2013 16:21
jwcarlton
I have a script that's constantly under attack by hackers submitting odd queries. My script is tight enough that it's not been a problem, but still, it's annoying.

Just for the sake of peace of mind, how can I check for any $_GET key that's not allowed (in which case I can kill the script from the beginning)?

TIA,

Jason
Re: Check if $_GET contains something other than what's allowed [message #183821 is a reply to message #183820] Thu, 21 November 2013 16:31
Salvatore
On 2013-11-21, Jason C <jwcarlton(at)gmail(dot)com> wrote:
> Just for the sake of peace of mind, how can I check for any $_GET key
> that's not allowed (in which case I can kill the script from the
> beginning)?

$allowed_values = array('username', 'password', /* ... */);

foreach ($_GET as $key => $value) {
    // cast + strict search: a numeric key such as "0" arrives as int 0
    // and must not loosely match a string entry in the allowlist
    if (array_search((string) $key, $allowed_values, true) === false) {
        // deny access here
    }
}

--
Blah blah bleh...
GCS/CM d(-)@>-- s+:- !a C++$ UBL++++$ L+$ W+++$ w M++ Y++ b++
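Building on the allowlist idea in the reply above, here is an added example (my code, not Salvatore's or anything from the thread) that wraps the check in a function and covers two edge cases the bare loop misses: a numeric key like ?0=x, which PHP stores as int 0, and an array-valued parameter like ?a[]=1. The allowlist, the function name unexpectedQueryKeys and the sample query string are assumptions for illustration.

```php
<?php
// Added example, not code from the original thread.  It turns the
// allowlist idea into a reusable check and shows two edge cases the
// one-liner misses: PHP stores a numeric query key such as ?0=x as the
// integer 0, which loosely matches a string entry under PHP 7 and
// earlier, and ?a[]=1 arrives as an array value rather than a string.
declare(strict_types=1);

/**
 * Return the names of query parameters that are not in $allowed.
 * Keys are cast to string and compared strictly, so int 0 cannot match
 * 'username' the way a non-strict in_array()/array_search() would allow.
 * Array-valued parameters are reported too, since a script written for
 * scalar input has no business receiving them.
 */
function unexpectedQueryKeys(array $query, array $allowed): array
{
    $bad = [];
    foreach ($query as $key => $value) {
        $name = (string) $key;
        if (!in_array($name, $allowed, true) || is_array($value)) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Allowlist assumed for this example; list the parameters the script really reads.
$allowed = ['username', 'password'];

// Constructed sample standing in for $_GET, built the same way PHP
// builds $_GET from the query string "username=bob&0=x&id=7&password[]=p".
$sample = [];
parse_str('username=bob&0=x&id=7&password[]=p', $sample);
$found = unexpectedQueryKeys($sample, $allowed);
printf("unexpected in sample: %s\n", implode(', ', $found));

// Real use at the top of the script: refuse the request before any other work.
$unexpected = unexpectedQueryKeys($_GET, $allowed);
if ($unexpected !== []) {
    // Log the parameter names only, never the values, then stop early.
    error_log('Rejected request with unexpected query parameters: ' . implode(',', $unexpected));
    http_response_code(400);
    exit('Bad request');
}
```

Run from the command line the sample reports the three rejected names (0, id, and password for being an array) while the $_GET check passes, because $_GET is empty there.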
Re: Check if $_GET contains something other than what's allowed [message #183822 is a reply to message #183820] Thu, 21 November 2013 16:48
Thomas 'PointedEars'
Jason C wrote:

> I have a script that's constantly under attack by hackers submitting odd

s/hackers/crackers/

Rule of thumb: Hackers build, crackers (attempt to) destroy.

> queries. My script is tight enough that it's not been a problem, but
> still, it's annoying.
>
> Just for the sake of peace of mind, how can I check for any $_GET key
> that's not allowed (in which case I can kill the script from the
> beginning)?

<http://php.net/isset>
<http://php.net/array_key_exists>

However, your problem more likely is having register_globals=on when it
should be off; not validating user input, inviting SQL injection; aso.

<https://owasp.org/>


PointedEars
--
Prototype.js was written by people who don't know javascript for people
who don't know javascript. People who don't know javascript are not
the best source of advice on designing systems that use javascript.
-- Richard Cornford, cljs, <f806at$ail$1$8300dec7(at)news(dot)demon(dot)co(dot)uk>
Re: Check if $_GET contains something other than what's allowed [message #183825 is a reply to message #183822] Thu, 21 November 2013 17:16
Jerry Stuckle
On 11/21/2013 4:48 PM, Thomas 'PointedEars' Lahn wrote:
> Jason C wrote:
>
>> I have a script that's constantly under attack by hackers submitting odd
>
> s/hackers/crackers/
>
> Rule of thumb: Hackers build, crackers (attempt to) destroy.
>

No, hackers is the correct term. You really should learn to understand
English before correcting a native speaker of it.

>> queries. My script is tight enough that it's not been a problem, but
>> still, it's annoying.
>>
>> Just for the sake of peace of mind, how can I check for any $_GET key
>> that's not allowed (in which case I can kill the script from the
>> beginning)?
>
> <http://php.net/isset>
> <http://php.net/array_key_exists>
>
> However, your problem more likely is having register_globals=on when it
> should be off; not validating user input, inviting SQL injection; aso.
>

There is no indication in his update that ANY of this is true. In fact,
his update seems to indicate exactly the opposite.

> <https://owasp.org/>
>
>
> PointedEars
>

Not everyone is as dense as you.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
"Hackers" vs. "Crackers" (was: Re: Check if $_GET contains something other than what's allowed) [message #183857 is a reply to message #183825] Fri, 22 November 2013 11:36
Arno Welzel
Jerry Stuckle, 2013-11-21 23:16:

> On 11/21/2013 4:48 PM, Thomas 'PointedEars' Lahn wrote:
>> Jason C wrote:
>>
>>> I have a script that's constantly under attack by hackers submitting odd
>>
>> s/hackers/crackers/
>>
>> Rule of thumb: Hackers build, crackers (attempt to) destroy.
>>
>
> No, hackers is the correct term. You really should learn to understand
> English before correcting a native speaker of it.

<http://www.oxforddictionaries.com/definition/english/hacker?q=hacker>
<http://www.oxforddictionaries.com/definition/english/hacker?q=cracker>

Seems the official meaning of both words is the same.

And <http://en.wikipedia.org/wiki/Hacker> shows, there is much more
about this topic than a simple "hackers are people attacking computer
systems".

Anyway - "hacker" originally just referred to computer enthusiasts
"hacking" on their keyboards. Also see "Hackers: Heroes of the Computer
Revolution" by Steven Levy, ISBN 0-385-19195-2.

Some hackers *also* used their skills to gain access to systems with
poor or no special protection at all and some also sold the acquired
data - but this does not mean that a "hacker" is always a bad guy.

Later "hacking" also became the synonym for using technology in new ways
- a "hack" is just another creative use for existing technology or to
deal with technical limitations.

On the opposite - "cracking" originally referred to "crack" copy
protections in computer games. In the 1980s there were a number of
popular "Cracker Groups", for example:

<http://csdb.dk/search/advancedresult.php?form[category]=groups&group_type[]=2>

Later "cracker" was also used as a synonym for "bad" hackers with
criminal intents. But today many people just say "hacker" when they
actually mean "black hat" or "script kiddie".


--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
Re: "Hackers" vs. "Crackers" [message #183860 is a reply to message #183857] Fri, 22 November 2013 13:52
Jerry Stuckle
On 11/22/2013 11:36 AM, Arno Welzel wrote:
> Jerry Stuckle, 2013-11-21 23:16:
>
>> On 11/21/2013 4:48 PM, Thomas 'PointedEars' Lahn wrote:
>>> Jason C wrote:
>>>
>>>> I have a script that's constantly under attack by hackers submitting odd
>>>
>>> s/hackers/crackers/
>>>
>>> Rule of thumb: Hackers build, crackers (attempt to) destroy.
>>>
>>
>> No, hackers is the correct term. You really should learn to understand
>> English before correcting a native speaker of it.
>
> <http://www.oxforddictionaries.com/definition/english/hacker?q=hacker>
> <http://www.oxforddictionaries.com/definition/english/hacker?q=cracker>
>
> Seems the official meaning of both words is the same.
>

Which means Pointed Head's correction was WRONG. And "Hackers" is much
more recognized and used than "crackers". But once again, a non-native
English speaker is trying to correct a native English speaker.

> And <http://en.wikipedia.org/wiki/Hacker> shows, there is much more
> about this topic than a simple "hackers are people attacking computer
> systems".
>
> Anyway - "hacker" originally just referred to computer enthusiasts
> "hacking" on their keyboards. Also see "Hackers: Heroes of the Computer
> Revolution" by Steven Levy, ISBN 0-385-19195-2.
>

Yes, and "Hello" was originally an exclamation of surprise. Word
definitions change.

> Some hackers *also* used their skills to gain access to systems with
> poor or no special protection at all and some also sold the acquired
> data - but this does not mean that a "hacker" is always a bad guy.
>

I never said it did.

> Later "hacking" also became the synonym for using technology in new ways
> - a "hack" is just another creative use for existing technology or to
> deal with technical limitations.
>

That term was popular long before computers came into popularity.

> On the opposite - "cracking" originally referred to "crack" copy
> protections in computer games. In the 1980s there were a number of
> popular "Cracker Groups", for example:
>
> <http://csdb.dk/search/advancedresult.php?form[category]=groups&group_type[]=2>
>
> Later "cracker" was also used as a synonym for "bad" hackers with
> criminal intents. But today many people just say "hacker" when they
> actually mean "black hat" or "script kiddie".
>
>

"Black Hat" and "Script Kiddie" have different meanings, and are a
subset of hackers. "Black Hat" originally referred to spies. And
"script kiddies" may or may not be bad guys. Richard, for instance.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: "Hackers" vs. "Crackers" [message #183979 is a reply to message #183860] Sat, 30 November 2013 06:49
j80k-vpfc
In article <l6o95r$te7$1(at)dont-email(dot)me>, jstucklex(at)attglobal(dot)net (Jerry
Stuckle) wrote:

> *Subject:* Re: "Hackers" vs. "Crackers"
> *From:* Jerry Stuckle <jstucklex(at)attglobal(dot)net>
> *Date:* Fri, 22 Nov 2013 13:52:38 -0500
>
Hardware hackers are the opposite of software hackers.

http://hackaday.com
Re: "Hackers" vs. "Crackers" [message #183981 is a reply to message #183979] Sat, 30 November 2013 08:53
Jerry Stuckle
On 11/30/2013 6:49 AM, Steve wrote:
> In article <l6o95r$te7$1(at)dont-email(dot)me>, jstucklex(at)attglobal(dot)net (Jerry
> Stuckle) wrote:
>
>> *Subject:* Re: "Hackers" vs. "Crackers"
>> *From:* Jerry Stuckle <jstucklex(at)attglobal(dot)net>
>> *Date:* Fri, 22 Nov 2013 13:52:38 -0500
>>
> Hardware hackers are the opposite of software hackers.
>
> http://hackaday.com
>

Who's talking about hardware hackers?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: "Hackers" vs. "Crackers" [message #183983 is a reply to message #183979] Sat, 30 November 2013 09:30
Thomas 'PointedEars'
Steve wrote:

> Hardware hackers are the opposite of software hackers.

Nonsense.


PointedEars
--
Sometimes, what you learn is wrong. If those wrong ideas are close to the
root of the knowledge tree you build on a particular subject, pruning the
bad branches can sometimes cause the whole tree to collapse.
-- Mike Duffy in cljs, <news:Xns9FB6521286DB8invalidcom(at)94(dot)75(dot)214(dot)39>
Re: "Hackers" vs. "Crackers" [message #183986 is a reply to message #183981] Sat, 30 November 2013 09:58
j80k-vpfc
In article <l7cql2$ueg$1(at)dont-email(dot)me>, jstucklex(at)attglobal(dot)net (Jerry
Stuckle) wrote:

> *Subject:* Re: "Hackers" vs. "Crackers"
> *From:* Jerry Stuckle <jstucklex(at)attglobal(dot)net>
> *Date:* Sat, 30 Nov 2013 08:53:37 -0500
>
> On 11/30/2013 6:49 AM, Steve wrote:
>> In article <l6o95r$te7$1(at)dont-email(dot)me>, jstucklex(at)attglobal(dot)net
>> (Jerry
>> Stuckle) wrote:
>>
>>> *Subject:* Re: "Hackers" vs. "Crackers"
>>> *From:* Jerry Stuckle <jstucklex(at)attglobal(dot)net>
>>> *Date:* Fri, 22 Nov 2013 13:52:38 -0500
>>>
>> Hardware hackers are the opposite of software hackers.
>>
>> http://hackaday.com
>>
>
> Who's talking about hardware hackers?
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex(at)attglobal(dot)net
> ==================
>
Somebody further up the thread suggested that hackers build.

I was just pointing out that hardware hackers do, software hackers don't.
Re: "Hackers" vs. "Crackers" [message #183987 is a reply to message #183986] Sat, 30 November 2013 10:15
Jerry Stuckle
On 11/30/2013 9:58 AM, Steve wrote:
> In article <l7cql2$ueg$1(at)dont-email(dot)me>, jstucklex(at)attglobal(dot)net (Jerry
> Stuckle) wrote:
>
>> *Subject:* Re: "Hackers" vs. "Crackers"
>> *From:* Jerry Stuckle <jstucklex(at)attglobal(dot)net>
>> *Date:* Sat, 30 Nov 2013 08:53:37 -0500
>>
>> On 11/30/2013 6:49 AM, Steve wrote:
>>> In article <l6o95r$te7$1(at)dont-email(dot)me>, jstucklex(at)attglobal(dot)net
>>> (Jerry
>>> Stuckle) wrote:
>>>
>>>> *Subject:* Re: "Hackers" vs. "Crackers"
>>>> *From:* Jerry Stuckle <jstucklex(at)attglobal(dot)net>
>>>> *Date:* Fri, 22 Nov 2013 13:52:38 -0500
>>>>
>>> Hardware hackers are the opposite of software hackers.
>>>
>>> http://hackaday.com
>>>
>>
>> Who's talking about hardware hackers?
>>
>>
> Somebody further up the thread suggested that hackers build.
>
> I was just pointing out that hardware hackers do, software hackers don't.
>

Which has nothing to do with the discussion at hand. And software
hackers can build, also. Not all are bad guys.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: "Hackers" vs. "Crackers" [message #183988 is a reply to message #183983] Sat, 30 November 2013 11:33
The Natural Philosoph
On 30/11/13 14:30, Thomas 'PointedEars' Lahn wrote:
> Steve wrote:
>
>> Hardware hackers are the opposite of software hackers.
>
> Nonsense.
>
bent noses are the opposite of pointed ears.

>
> PointedEars
>


--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.
Re: "Hackers" vs. "Crackers" [message #183991 is a reply to message #183986] Sat, 30 November 2013 11:51
The Natural Philosoph
On 30/11/13 14:58, Steve wrote:
> In article <l7cql2$ueg$1(at)dont-email(dot)me>, jstucklex(at)attglobal(dot)net (Jerry
> Stuckle) wrote:
>
>> *Subject:* Re: "Hackers" vs. "Crackers"
>> *From:* Jerry Stuckle <jstucklex(at)attglobal(dot)net>
>> *Date:* Sat, 30 Nov 2013 08:53:37 -0500
>>
>> On 11/30/2013 6:49 AM, Steve wrote:
>>> In article <l6o95r$te7$1(at)dont-email(dot)me>, jstucklex(at)attglobal(dot)net
>>> (Jerry
>>> Stuckle) wrote:
>>>
>>>> *Subject:* Re: "Hackers" vs. "Crackers"
>>>> *From:* Jerry Stuckle <jstucklex(at)attglobal(dot)net>
>>>> *Date:* Fri, 22 Nov 2013 13:52:38 -0500
>>>>
>>> Hardware hackers are the opposite of software hackers.
>>>
>>> http://hackaday.com
>>>
>>
>> Who's talking about hardware hackers?
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstucklex(at)attglobal(dot)net
>> ==================
>>
> Somebody further up the thread suggested that hackers build.
>
> I was just pointing out that hardware hackers do, software hackers don't.
>
and even then you were wrong.

hacking is or was simply 'building without a formal specification', that
is, you knocked something up and 'hacked' at it until it resembled what
you were trying to achieve. A bit like sculpting.

Iterative design is the technical term :-)

Any decent software or hardware person has done it. It pays when the
overhead of doing the design exceeds the time taken to hack away and get
somewhere. Most successful designs are a mixture of both.

Keith Duckworth on the Cosworth V8 engine development "we just hacked
off metal from the crankcase to reduce weight till it broke, then we'd
put that bit back and try somewhere else"

Software hacking is no different. Think of a part of the problem, you
know how to solve. Write that. Then decide what else you need. What you
have already written defines the interface to that, and means your
problem is already bounded. Hack code until what you have fits with the
first hack, and solves another bit. Repeat till it all works, then give
it to test and see where it breaks, then add bits back till it doesn't.
Then sell and wait for the bug reports. Anyone who thinks Microsoft
Windows wasn't written that way has never disassembled it.

Exactly the same is true of a Porsche sports car. Take a lousy swing
axled cheap nightmare of a car - a Volkswagen Beetle - and tune it up
till it breaks and keep adding bits over a period of 30 years till it
really actually does go quite fast and not break that often. Yes, it's
still a tricky evil tail happy bitch of a car to drive so give your
customers lessons in how to handle it, hack in some traction control and a
lot of electronics and pretend it's more advanced than a car that doesn't
need all that to be safe to drive...


--
Ineptocracy

(in-ep-toc’-ra-cy) – a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.
Re: "Hackers" vs. "Crackers" [message #183993 is a reply to message #183988] Sat, 30 November 2013 12:13
Doug Miller
The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote in news:l7d40j$rds$2@news.albasani.net:

> On 30/11/13 14:30, Thomas 'PointedEars' Lahn wrote:
>> Steve wrote:
>>
>>> Hardware hackers are the opposite of software hackers.
>>
>> Nonsense.
>>
> bent noses are the opposite of pointed ears.

Dollars to doughnuts he doesn't get the reference. (English is not PointedHead's first
language, and he doesn't understand it nearly as well as he thinks he does.)
Re: "Hackers" vs. "Crackers" [message #183996 is a reply to message #183986] Sun, 01 December 2013 11:13
Thomas 'PointedEars'
Steve wrote:

> Somebody further up the thread suggested that hackers build.

It was me, and I was specifically referring to software hackers.

> I was just pointing out that hardware hackers do, software hackers don't.

Nonsense, cf. <http://www.catb.org/esr/faqs/hacker-howto.html> etc.


PointedEars
--
When all you know is jQuery, every problem looks $(olvable).