I've just been assigned to finish the development of an application which has user-restricted access. The original developer was a co-op student, as am I.
After looking over his code, it seems that the user only ever accesses index.php, and the other PHP pages are called with an include statement after authenticating the user and then determining the request.
I.e.
include __DIR__ . DIRECTORY_SEPARATOR . 'pages' . DIRECTORY_SEPARATOR . $page . 'Logic.php';
However, I noticed a comment in the include files of his web application,
// Since this page can be accessed if the user knows its
// URL, we must check if user has been authenticated and
// authorized through index.php
// todo
He realizes that there is a vulnerability such that a user who may guess the names of certain files can gain unauthorized access, and he suggests performing an additional authorization check at the beginning of each include file.
I've learned a little bit about Apache and I know it can restrict user access to certain files and/or directories. However, if I did this, I'm not sure if it is enough and if I should also code in some auth checks in addition to the one in index.php.
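
The check the code comment above describes, as an added example that is not part of the original post or the application's own code: index.php sets a marker only after its authentication and authorization checks pass, and each include file refuses to run without it. The constant `APP_ENTRY`, the session keys, the `page` parameter and the page names are assumptions.

```php
<?php
// Added example, not the application's code. Assumed names: APP_ENTRY,
// $_SESSION['user_id'], $_SESSION['pages'], the 'page' parameter, the page list.

// ---------- index.php (the only script users are meant to request) ----------
session_start();

const KNOWN_PAGES = ['home', 'reports', 'admin'];   // hypothetical page names

function deny(int $status): void
{
    http_response_code($status);
    exit;
}

$page = $_GET['page'] ?? 'home';
if (!is_string($page) || !in_array($page, KNOWN_PAGES, true)) {
    deny(404);                 // only names on the list ever reach the include
}
if (empty($_SESSION['user_id'])) {
    deny(401);                 // not authenticated
}
if (!in_array($page, $_SESSION['pages'] ?? [], true)) {
    deny(403);                 // authenticated, but not authorized for this page
}

define('APP_ENTRY', true);     // marker: this request passed the checks above
include __DIR__ . DIRECTORY_SEPARATOR . 'pages' . DIRECTORY_SEPARATOR . $page . 'Logic.php';

// ---------- first lines of every pages/*Logic.php (after its own <?php) ----------
// When the file is requested directly by URL, index.php never ran,
// so the marker is undefined and the page logic below is never reached.
if (!defined('APP_ENTRY')) {
    http_response_code(403);
    exit;
}
```

Denying web access to the pages directory in Apache (for example `Require all denied` in Apache 2.4), or moving it outside the document root, stops direct requests before PHP runs; the in-file check then remains as a second layer if that server configuration is ever lost.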