Hi ,
I have built a cms from scratch in PHP and I need a little help with getting it more secure. Basically I have arranged all my important files as followed:
/var/www/TESTUSERNAME/includes/val.php
Is this a secure way to stop people from getting hold of my values ?
Would it be a better to store these values in a database then run the query in this file ?
could you also give me some tips on how to better secure my application ?
First of all, you configure the php installation in such way that it becomes less vulnerable, you can also use the htaccess file to secure your directories.
What about other security issues?
XSS
CSFR
SQL Injection
Session hijacking
Session Fixation
etc
etc
Check POST data for SQL injection, XSS:Filter script (and HTML) inserted to your page. These 2 are the most important.
And of course update your installation. also you shouldn't rely on Session. If somebody stole a cookie of logged user he change into this user.
If you put the values in the database then you have to worry about SQL Injection. If you aren't using parametrized quires, then you might have a serious problem with SQL Injection and moving the values to the database could be a bad idea due to this increased attack surface. In MySQL SQL injection can be used to read files like val.php, make sure your web application doesn't have "FILE" privileges. You also have to make sure your privileges are setup properly on this file. chmod 750 is a good one of this file, the last number 0 denies all access to everyone that isn't you or in your group.
by keeping the values in val.php you still have to worry about directory traversal vulnerabilities like this:
print file_get_contents("/var/www/whatever/".$_GET['FILE_NAME']);
Go though your code and pay attention to where you are reading and writing to files. Make sure you aren't passing in user control variables. If you want to get an attackers preservative on PHP and learning other ways of how files can be read i recommend reading A Study In Scarlet.