Accept Known Good and potential attacks

ywickham

I've just recently been introduced to the concept of Accept Known Good, where instead of rejecting badly formed input, a whitelist of acceptable inputs is used to validate against. I love the idea, but I am curious as to what the consensus is in regards to AKG ruling out every potential attack?

Basically, I'm looking for what kind of attacks would work against an AKG security measure. My understanding was that whether or not the user provided a valid input to use, the actual value used by the script would be pulled from the list/array of acceptable known values and the actual value provided by the users are never used by the actual script.

However, I am not a security person so if there are other potential attacks that could get by an AKG setup, I'd love to know about them so I can read up.

Thanks!

halojoy

Where is possible to use AKG,
then it is one of the best ways to get only what you expect into variables.

One typical example is where you use $_GET in URL.
There is not good to accept anything.
Because a hacker or anybody can very easily misuse
and enter just about whatever into the URL for values.

This is terrible!!!!!!!!!!!!!!!!

<?php
// we suppose an URL feature like this
// 'index.php?page=pagename'

$goto = $_GET['page'];
header('location: ' . $goto);

//or doing this without any checking
include $goto;

?>

Instead we can make an array of allowed pagenames
Or use swich + case for every good pagename.
This is what you call AKG.

ywickham

Thank you halojoy. I wasn't clear though. I do understand the basics of AKG, what I need to know is if AKG is still susceptible to any particular attacks and if so what are they? Even better, an example of the attack would be wonderful.

Thanks!

Weedpacket

Well, it's not relevant with respect to any attack that doesn't depend on processing submitted data (the client can send your server anything).

ywickham

Thank you Weedpacket. I'm not sure I understand what you are saying though. Would you mind dumbing it down for me?

Thanks!

Weedpacket

it doesn't need dumbing down: the plain statement is that your server can be hit by anything.

Including, if the attacker wants to be sure, a nuke from orbit.

ywickham

Ok. I was looking for more, but thank you for your help otherwise.

Weedpacket

Well there was this posted last month; the database behind it goes into a fair bit more detail.

Or there was this, that came up in a search.