claro — 2012-09-25T02:36:20-04:00 — #1
Greetings! I found this tutorial
http://phpeasy.co.uk/tutorial-object-orientation-basics-part-4-implementing-crud-methods/ so great! But I have a small problem about the update and delete part, I don't understand, but I found my own way to solve it, I just add another method and it works well.
public function id()
My problem is I'm using the GET method to delete my items and I don't know how to secure my data. Whenever I try to put mysite/delete?='id value here' in my URL, my data gets deleted even though I'm using PDO. Is there any way to prevent users from doing it? Thank you.
tpunt — 2012-09-25T02:53:49-04:00 — #2
I believe you're referring to Cross-Site Request Forgery (or CSRF), on which the database API would have no effect. A security feature known as a nonce can help prevent the problems you're having by passing a unique token through the request URI (and validating it on the other end against a session variable). Here's a quick example to demonstrate:
```php
session_start(); // the nonce is kept server-side in the session
$_SESSION['nonce'] = md5(mt_rand()); // note: mt_rand() output is guessable; bin2hex(random_bytes(16)) is preferable on PHP 7+
?>
<a href="action.php?do=delete&gid=1&id=1&ext=php&tok=<?php echo $_SESSION['nonce']; ?>">Delete Something</a>
<?php
if (isset($_GET['tok']) && $_GET['tok'] === $_SESSION['nonce']) { /* token matched: perform the delete */ }
```
That's one common method of preventing CSRF; the other method (if you didn't want to go through the hassle of setting up nonces) would be to handle the data via the HTTP POST method.
claro — 2012-09-25T03:12:20-04:00 — #3
Thank you very much sir! I'll just google what 'nonce' is all about. Thank you, thank you!
tpunt — 2012-09-25T03:30:26-04:00 — #4
That was just a random URI example of an HTTP GET request used to perform an action. The unique token (in the session variable) is echoed out so that it's in the URI link, making the link valid on that page for when you want to use the action.
cups — 2012-09-25T08:50:00-04:00 — #5
Another potential problem you may need to guard against is that using GET to delete things can have unforeseen side effects.
A bot could index your site and accidentally delete everything.
Even when logged in, a mischievous user could delete items in their own account, or in the accounts of others, just by creating a load of sequentially numbered HTML links.
GET should be used to do just that: get things.
There are ways to defend against this, including:
- Not actually deleting anything, just setting a flag in your table in a column named display (0 / 1) **
- Making sure each MySQL user only has delete privileges for their own tables
- Limit the number of deletes per minute, say
- Use the POST method for deletes, inserts, updates, etc.
Just something to bear in mind, 'tis all, and much depends on your situation.
** that might mean you can offer an undo option, or look upon old data as an "archive".
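Putting the two suggestions from this thread together (tpunt's session token and cups' POST-only, flag-based delete), here is an added example in PHP 7+; it is not code from the thread or the linked tutorial. It assumes an open PDO connection in `$pdo`, the logged-in user's id in `$_SESSION['user_id']`, and an `items` table with integer columns `id`, `owner_id` and `display`.

```php
<?php
// Added example, not code from the thread: a POST-only, CSRF-protected soft delete for PHP 7+.
// Assumptions: $pdo is an open PDO connection, $_SESSION['user_id'] holds the logged-in user,
// and table `items` has integer columns id, owner_id and display (the 0/1 flag cups suggests).
session_start();
// One unpredictable token per session from the CSPRNG (md5(mt_rand()) is guessable).
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}
// Constant-time comparison so the check cannot be timed byte by byte; rejects non-string input.
function csrfTokenIsValid($submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}
// Soft delete scoped to the owner: the row stays for undo/archive, and a guessed id of someone else's item matches zero rows.
function softDeleteItem(PDO $pdo, int $id, int $ownerId): int
{
    $stmt = $pdo->prepare('UPDATE items SET display = 0 WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $ownerId]);
    return $stmt->rowCount();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfTokenIsValid($_POST['tok'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if (!is_int($id)) {
        http_response_code(400);
        exit('Bad id');
    }
    $deleted = softDeleteItem($pdo, $id, (int) $_SESSION['user_id']);
    exit($deleted > 0 ? 'Deleted' : 'Nothing to delete');
}
?>
<!-- A GET request only renders this form; crawlers and pasted links cannot trigger the delete. -->
<form method="post" action="delete.php">
  <input type="hidden" name="id" value="1">
  <input type="hidden" name="tok" value="<?= htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') ?>">
  <button type="submit">Delete item 1</button>
</form>
```

A request that arrives by GET, or by POST without the session's token, never reaches the UPDATE, and a valid request can only hide rows belonging to the current user.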
claro — 2012-09-27T23:13:37-04:00 — #6
I'll remember that! Thank you!