Monday, January 18, 2010

Studying PHP Mail Form v2, Part 1

As I said in my last post,
I'm hardly what you'd call
a PHP expert.

So, it's back to school again.

I'm studying the script found
here:

PHP MAIL FORM V2

In my last post, I took a quick
look at this script:

Installing a PHP Form Mail Script

I liked the script when I first
saw it because it seems to be
a very security-conscious script.

I notice right away that it checks
the length of every input field and
rejects anything that is too long.
This is good!

The classic reason for length checks
is the buffer overflow. In a language
like C, input that is longer than the
fixed-size buffer it is copied into
spills over into neighbouring memory,
and an attacker who controls that
input can use the spill to change
what the program does, up to running
code of their own.

PHP strings are allocated to fit, so
a long form field cannot overwrite
the script or its data the way it
could in C. What the limits buy you
in a mail form is more modest but
still worth having: they cap how much
a stranger can make your server
store, process and send out as mail,
which blunts spam relaying and
resource exhaustion.

Here's a Wikipedia article that explains
buffer overflow much better:

Buffer Overflow

I notice that this script puts careful
limitations on the length of input
data.

In the code, look for the strlen()
function. That is where the limit on
string length is enforced: strlen()
returns the length of a string in
bytes, and the script compares that
number against a fixed maximum for
each field.

Here's an example:

As of this writing, the length of
comments is limited to 1500 characters
(bytes, since that is what strlen()
counts). That is plenty for a genuine
message, but it leaves someone trying
to abuse the form very little room to
push anything large through it.

Here, for example, is the element of the
$_POST associative array that
contains the comments input by the web
visitor:

$_POST['comments']

Here's some PHP documentation for the
$_POST associative array:

PHP $_POST Associative Array

$_POST holds the fields a web visitor
submitted in the body of an HTTP POST
request. PHP decodes the URL-encoded
body of an ordinary form and fills the
array with one entry per field, keyed
by the field's name attribute.

In any HTML form, you can set the
method attribute to post. This tells
the browser to send the form fields in
the body of the request instead of
tacking them onto the URL, which is
what the default get method does.

This is not the same as setting shell
environment variables. Under the old
CGI interface the web server does hand
a script some request details (the
query string, the content length) as
environment variables, but the POST
body itself arrives separately, on the
script's standard input; when PHP runs
as a server module the body is passed
straight to PHP. Either way, PHP
parses the body into $_POST for you.
Real environment variables show up
through getenv() and $_SERVER instead,
and the form and the script do not
share them: the browser only ever
sends an HTTP request.

The name $_POST does mean the data
came in by the post method: a form
submitted with method="get" lands in
$_GET instead.
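Here is what those two pieces look like together in one self-contained handler: an HTML form sent with method="post", and PHP that reads $_POST and applies strlen() limits of the kind described above. This is an added example, not code from PHP Mail Form v2. The 1500-byte cap on comments is the figure quoted above; the other limits, the field names, the e-mail check and the line-break check are assumptions made for the example, not taken from the script.

```php
<?php
// Added example: a self-contained contact-form handler, not the PHP Mail
// Form v2 script. It shows a form sent with method="post", the $_POST array
// that PHP builds from the request body, and strlen() limits like the ones
// the script uses. The 1500-byte cap on comments is the figure quoted in the
// post; every other limit and field name is an assumption for this example.

declare(strict_types=1);

const MAX_LENGTHS = [
    'name'     => 60,    // assumed
    'email'    => 254,   // assumed; practical maximum for an address
    'comments' => 1500,  // the limit quoted for the script
];

/**
 * Validate one submitted form.
 *
 * @param array<string,mixed> $input Normally $_POST; passed in as a plain
 *                                   array so the function can run offline.
 * @return string[] Error messages; an empty array means the input passed.
 */
function validate_contact(array $input): array
{
    $errors = [];

    foreach (MAX_LENGTHS as $field => $max) {
        if (!isset($input[$field]) || !is_string($input[$field])) {
            $errors[] = "$field is missing";
            continue;
        }
        $value = $input[$field];

        // strlen() counts bytes, not characters, and that is the right unit
        // for a size cap: it bounds what the server stores and mails no
        // matter how the text is encoded.
        $len = strlen($value);
        if ($len > $max) {
            $errors[] = "$field is too long ($len bytes, max $max)";
        }

        // A length cap says nothing about what a short value contains. Any
        // field copied into an e-mail header must not hold CR or LF, or the
        // sender can end the header and append lines of their own.
        if ($field !== 'comments' && preg_match('/[\r\n]/', $value) === 1) {
            $errors[] = "$field contains a line break";
        }
    }

    if (isset($input['email']) && is_string($input['email'])
        && filter_var($input['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }

    return $errors;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample submissions so the file can be exercised without a
    // web server.
    $samples = [
        'good'     => ['name' => 'Ed', 'email' => 'ed@example.com',
                       'comments' => 'Hello'],
        'too long' => ['name' => 'Ed', 'email' => 'ed@example.com',
                       'comments' => str_repeat('A', 1501)],
        'header'   => ['name' => "Ed\r\nBcc: someone@example.com",
                       'email' => 'ed@example.com', 'comments' => 'Hello'],
    ];
    foreach ($samples as $label => $sample) {
        $errors = validate_contact($sample);
        printf("%-9s %s\n", $label, $errors ? implode('; ', $errors) : 'accepted');
    }
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // No POST body, so $_POST is empty: serve the form instead. method="post"
    // is what makes the browser put the fields in the request body.
    echo <<<'HTML'
<form method="post" action="">
  <input name="name">
  <input name="email">
  <textarea name="comments" maxlength="1500"></textarea>
  <button>Send</button>
</form>
HTML;
    exit;
}

$errors = validate_contact($_POST);
if ($errors) {
    http_response_code(400);
    echo htmlspecialchars(implode("\n", $errors), ENT_QUOTES, 'UTF-8');
    exit;
}
// The validated fields would be handed to mail() here. How the real script
// builds and sends the message is left for a later look.
echo 'Thanks, your message passed validation.';
```

Run it as `php handler.php` from a shell and it prints the verdict for the three constructed samples (accepted, too long, line break in a header field); dropped under a web server it serves the form on GET and validates on POST. Note that the browser-side maxlength attribute is only a convenience; anyone can submit without it, which is why the server-side strlen() check is the one that counts.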

OK. I'll look at this script again later.
This appears to be a very useful script.

Ed Abbott
