Web site design - Chapter 29 Security

But with some help from mcrypt and a few friends, we can make this impossible: mcrypt deals with strings full of binary data, so we can't easily type them or send them to browsers without modification. In this case, we have chosen to use the PHP base64 functions to turn them into well-behaved strings.

Before writing this program, we invented a DES key with the following code:

We copied and pasted the resulting key (in base 64 encoding) into our cookie program's first line. We store the number of visits in the cookie named visits, encrypted and in base 64 encoding. So if the visits variable is set, we first base64_decode it, then decrypt it. We then increment the counter, encrypt it, base64_encode it, and store it in a new cookie. The visitor sees cookie values such as IQ109yQCEgw%3D, which are not editable.

The program is not completely secure! The cookie value just given will always correspond to visit number 7. A cracker wishing to make your site believe he had visited only seven times could simply substitute this value for the visits cookie. If you know it would not benefit a visitor to return to a prior cookie (in this case, if the visitor wants a large visit count), however, this method is adequate: There is no way to easily invent a cookie for a state that has not been seen yet.

To maintain a more useful visitor state, you should use sessions, which are described fully in Chapter 24.

This example should bring home the need to keep your source code private: If a cracker could view this program from his or her browser, he or she would have your site's encryption key and could decrypt your cookie values with ease.

Hashing

Signing a document with your private key produces a signature that is as large as the original document. This becomes a problem when we want to sign long documents such as files. For instance, most security software (including mcrypt) is digitally signed so that downloaders know that the latest version really was written by the author. Otherwise, sysadmins worry, an eager cracker could circulate a version of a security program into which he or she has installed a back door and then walk into the systems running that version with no difficulty.
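The visit-counter cookie scheme described earlier in this section, as an added example rather than the book's own program: it uses AES-128-ECB through PHP's OpenSSL extension in place of the chapter's mcrypt DES call (mcrypt was removed from PHP core in 7.2), with a constructed key and the hypothetical function names encode_visits, decode_visits and next_cookie. It shows that a given count always produces the same cookie value, and that a cookie saved at visit 7 is still accepted after the count has moved on, because the server keeps no record of what it last issued.

```php
<?php
// Constructed sample key (16 bytes). A real key must stay out of web-readable source.
$key = hex2bin('000102030405060708090a0b0c0d0e0f');

// Encrypt the counter and make it cookie-safe (AES-ECB stands in for mcrypt DES).
function encode_visits(int $n, string $key): string {
    $raw = openssl_encrypt((string)$n, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
    return base64_encode($raw);
}

// Reverse the steps; return null for anything that is not a valid counter.
function decode_visits(string $cookie, string $key): ?int {
    $raw = base64_decode($cookie, true);
    if ($raw === false || $raw === '') {
        return null;
    }
    $plain = openssl_decrypt($raw, 'aes-128-ecb', $key, OPENSSL_RAW_DATA);
    if ($plain === false || !ctype_digit($plain)) {
        return null;
    }
    return (int)$plain;
}

// One page view: read the cookie, increment, issue the replacement cookie.
function next_cookie(?string $cookie, string $key): string {
    $visits = $cookie === null ? 0 : (decode_visits($cookie, $key) ?? 0);
    return encode_visits($visits + 1, $key);
}

// Walk a visitor up to visit 9, keeping a copy of the cookie issued at visit 7.
$cookie = null;
$saved = null;
for ($i = 1; $i <= 9; $i++) {
    $cookie = next_cookie($cookie, $key);
    if ($i === 7) {
        $saved = $cookie;
    }
}

var_dump($saved === encode_visits(7, $key));               // same count, same cookie value?
var_dump(decode_visits($saved, $key));                     // does the old cookie still decode?
var_dump(decode_visits(next_cookie($saved, $key), $key));  // count issued after presenting it
var_dump(decode_visits('AAAAAAAAAAAAAAAAAAAAAA==', $key)); // a value that was never issued
```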
