Solution
Task Examples
- A visitor that is logged in cannot access a page with type="reg" or type="adv" (even with a direct link)
- A visitor that is logged in can promote or demote any other user
- A password used by a user cannot be "discovered" from our application
- A "regular" user of the site (once logged in) cannot access a page with type="adv" (even with a direct link)
- A "regular" user of the site (once logged in) cannot promote or demote any other user
- An "advanced" user of the site (once logged in) cannot demote any other user
- An "advanced" user of the site (once logged in) can only promote one user at a time
- When a user logs off, any permissions they had are immediately erased
SQL Injection
The site passes all SQL inputs through the built-in prepared-statement mechanism (the prepare statement), which binds inputs as parameters rather than as query text. No SQL is generated through string concatenation with anything other than string literals. This ensures that the recommended defense against injection is used (assuming that the PHP libraries on the server are kept regularly updated). We could further convert known datatypes (such as numeric values) using parsefloat and parseint before providing them as inputs to the prepare statement, to doubly ensure that values are treated as values rather than as SQL.
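As an added example (not the project's own code), the contrast between building the promote query by concatenation and binding the user id as a cast integer parameter. It assumes a hypothetical users table with id, username and type columns and uses an in-memory SQLite database in place of the site's own server.

```php
<?php
// Added example, not the project's code. Assumes a hypothetical table
// users(id INTEGER, username TEXT, type TEXT) where type is "reg" or "adv".

// VULNERABLE: the id is concatenated into the SQL text, so an input such as
// "1 OR 1=1" changes the query's structure and promotes every user at once.
function promoteUserUnsafe(PDO $pdo, string $id): int {
    $sql = "UPDATE users SET type = 'adv' WHERE id = " . $id;
    return $pdo->exec($sql);
}

// HARDENED: the query text is a string literal; the value travels as a bound
// parameter and is cast to an integer first, as the writeup suggests. An
// advanced user can therefore affect at most the single row they named.
function promoteUser(PDO $pdo, string $id): int {
    $userId = intval($id);                 // "1 OR 1=1" becomes the integer 1
    $stmt = $pdo->prepare("UPDATE users SET type = 'adv' WHERE id = :id");
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();              // rows actually changed
}

// Constructed sample database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, type TEXT)");
$pdo->exec("INSERT INTO users VALUES (1,'alice','reg'),(2,'bob','reg'),(3,'carol','reg')");

$suspiciousInput = "1 OR 1=1";           // constructed input from a form field
echo "unsafe rows changed: " . promoteUserUnsafe($pdo, $suspiciousInput) . "\n";
$pdo->exec("UPDATE users SET type = 'reg'");   // reset between the two calls
echo "safe rows changed:   " . promoteUser($pdo, $suspiciousInput) . "\n";
```

Run with `php example.php` (the pdo_sqlite extension must be enabled); the first count shows every user promoted, the second only the user with id 1.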