Security Issue?

Anon

I am not a web developer or php expert but have beem learning about php/mysql. Im actually a midrange as400 programmer and am building our company extranet. We have many static reports that Ive ported over to htm format.

Im gonna be trying to create a login system with php/mysql so I only show the correct reports to the correct people when they login. Ive made logins before and that will not be a problem. But Im thinking about the static htm reports and I will basically be showing links to the right reports for the right people. This would leave open the option for someone to type in the url directly and get to a report they should not have access to. Im sure there is a proper way to do this to limit access but am unsure of where to look or what to read.

Please give me a clue. Thanks.

[deleted]

Clue:

make your login so that it stores the identity of the user somewhere.
Easiest method: http authentication. That uses the $REMOTE_USER variable which you can use to track who's requesting the report.
The report should then somehow check wether that particular user has the right to view that report.

Anon

Hey, the reports are generated in bulk and i dont want to have to add code to each page.

I was going to use sessions, sessions and the $remote_user thing can work together? Ill read up on http authentication.

toma42

http authentication is a good way. Another way to do this would be to include the user login page as the auto_prepend_file in the php.ini.

This way, even for static pages, the prepend file will run and you can require a login there before letting the user view whichever page they requested.

good luck,
Tom

brandonschnell

another trick is to hide the path to the report. place the reports outside of the web root so they can't be directly accessed. then using a URL like http://internal.mycompany.com/retrieve_report.php?report_name=bob show users the report.

retrieve_report.php would do what vincent is talking about in verifying the users. then it would set the appropriate mime type for the report and send the report to the clients browser using a php function like fread(). it'll be a bit more data intensive on the web server, but will offer stronger security.

http://www.php.net/manual/en/function.fread.php

Anon

I think what you can do is to actually protect the html text itself, something like page permissions.

This is how i did it.

====================================
<?php
require ("required_include_file.inc.php");
is_authorized = require_login("<permission_lvl>");
if (!is_authorized) {
echo "Sorry you dont have permission to access this page.";
exit;
}
?>

<contimue with the html page>

The function require_login needs to verify if user is logged in, and takes an argument which is the page permission level and check if user has the appropriate permission and returns true or false appropriately.

You can do something different depending on your requirenment and conditions. Hope this helps

kparker

To avoid rewriting all the static files, use include() to incorporate the file.

[deleted]

That's allmost exactly what I meant. :-)

Anon

Marena, I like what you told me the best as its along the lines of what i was thinking.

Heres a possible catch that Im concerned about. I have many many html static reports that are recreated monthly. This means I do not want to individually edit those pages. I probably do a readfile or include like the guy who posted after you suggested. However I think that will mean I will have all of these reports in a folder/directory that could be found in the url.

Were going ot be using microsoft IIS for the server.

My understanding of this web stuff is not up to snuff so tell me if Im missing something that I should know on how to keep people from bringing up what they shoudlnt see.

brandonschnell

take a look at what i posted again. include/readfile/fread all can load files that are outside of wwwroot. if the file is outside of wwwroot then the users must go through your script to get the files.

Anon

I think Brandon's solution is the best one. By putting the html files outside web dir tree, it's not possible to access those files directly. Something like :

=================
if ($authorized) {
include("/home/data/$file_name");
} else {
echo "Sorry you are not authorized to see the page.");

}

If it's not possible for some reasons, then by protecting the html file itself like my prev posting is the other solution. The only downside to the later method is that you have to modify all your html reports. So if you decide with the later, i think it's better if you port your next reports with php include files and page permission code while you're porting the reports. :-)

MSN

Anon

Yaa thanks

Anon

but what if...

you have text files that you are storing and retrieving data from in a directory like /data but you want it to be owner only access and work on all operating systems too so users can access the files directly and view the data...