Try:
rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
rpm --import ftp://mirrors.easynews.com//linux/centos/RPM-GPG-K
I wrote this in PHP, but you can use the same concept in other languages. I also assume an understanding of bits, bytes, binary to decimal conversion (and vice versa) and bitwise operations on numbers like ‘or’, ‘and’ and ‘xor’. If you have no idea, search and read about these first. You don’t have to be a guru, but you should have an idea. Here are some pages to get you started:
http://en.wikipedia.org/wiki/Byte
http://en.wikipedia.org/wiki/Bitwise_operation
http://us.php.net/manual/en/language.operators.bitwise.php
Some binary to decimal calculators to make it easier
We will use simple numbers to represent different permissions, and as you might know a number is a collection of bytes. For example, an integer is usually 4 bytes. You don’t have to worry about the size of a number in a high level language like PHP, but a little understanding of how numbers are represented will help you better understand this technique.
So let’s assume when I say:
<?php $user_perms = 7; ?>
Internally the variable $user_perms looks like this:
|0|0|0|0|0|0|0|0|0|0|0|0|0|1|1|1|
This is a 2 byte representation of the number 7. It might not look exactly like this internally, but it looks similar; just assume this for now.
Let’s say that your application supports 4 functions that a user can use:
1 – Post a blog post
2 – Comment on blog posts
3 – Edit posts
4 – Delete posts
Normally, you could have 4 fields in your database table (structure or whatever) for a user titled:
1 – can_post
2 – can_comment
3 – can_edit
4 – can_delete
This is not good: 4 additional fields in your user table, and who knows, what if your application has 100 functions? Do you want to add 100 fields to your user table?
With bits, you can have only 1 column and track all the permissions.
1 – perms
To do this, we will have to assign numbers for each of the functions (Tip: use one of the calculators in the above list):
1 – Post a blog post |0|0|0|0|0|0|0|1| is 1 in decimal
2 – Comment on blog posts |0|0|0|0|0|0|1|0| is 2 in decimal
3 – Edit posts |0|0|0|0|0|1|0|0| is 4 in decimal
4 – Delete posts |0|0|0|0|1|0|0|0| is 8 in decimal
So you could have an array like this:
<?php $perms = array( 'can_post' => 1, 'can_comment' => 2, 'can_edit' => 4, 'can_delete' => 8 ); ?>
Almost there, let’s look at user’s perms field now.
I hope you know about bitwise ‘or’: when you ‘or’ 1 and 1 you get 1; 0 ‘or’ 1 is 1; 1 ‘or’ 0 is 1; and finally 0 ‘or’ 0 is 0. It’s just like the meaning of ‘or’ in the English language.
Similarly, bitwise ‘and’: when you ‘and’ 1 and 1 you get 1; 0 ‘and’ 1 is 0; 1 ‘and’ 0 is 0; and finally 0 ‘and’ 0 is 0. Again, it’s just like the meaning of ‘and’ in the English language.
Bitwise ‘xor’: when you ‘xor’ 1 and 1 you get 0; 0 ‘xor’ 1 is 1; 1 ‘xor’ 0 is 1; and finally 0 ‘xor’ 0 is 0.
So suppose you want to give a user permissions to post a blog post, post a comment and edit posts but not delete posts, you do it like this:
<?php $user_perms = $perms['can_post'] | $perms['can_comment'] | $perms['can_edit']; ?>
Note that in PHP ‘|’ is bitwise ‘or’, so what just happened is something like this:
|0|0|0|0|0|0|0|1| ‘or’
|0|0|0|0|0|0|1|0| ‘or’
|0|0|0|0|0|1|0|0|
_______________________
|0|0|0|0|0|1|1|1|
Now $user_perms has the value 7 and |0|0|0|0|0|1|1|1| in it internally.
Suppose that this is at the top of your post_blog.php, or wherever you want to handle permissions for posting a blog. The only thing you need to do is:
<?php if ($user_perms & $perms['can_post']) { /* He/She has permissions to do this */ } else { /* He/She doesn't */ } ?>
In PHP ‘&’ is for bitwise ‘and’, please also note that ‘&&’ is logical ‘and’ and doesn’t operate on individual bits.
This is exactly what just happened:
|0|0|0|0|0|1|1|1| ‘and’
|0|0|0|0|0|0|0|1|
_______________________
|0|0|0|0|0|0|0|1|
So the result is 1, not 0, which means the ‘if’ passes and the user has permission to do this. But when it comes to deleting posts:
<?php if ($user_perms & $perms['can_delete']) { /* He/She has permissions to do this */ } else { /* He/She doesn't */ } ?>
Thus:
|0|0|0|0|0|1|1|1| ‘and’
|0|0|0|0|1|0|0|0|
_______________________
|0|0|0|0|0|0|0|0|
It’s ‘zero’ so ‘if’ fails and you show an error message or whatever it is you do.
To add ‘delete’ permissions, you use ‘or’ again:
<?php $user_perms |= $perms['can_delete']; ?>
So this happens:
|0|0|0|0|0|1|1|1| ‘or’
|0|0|0|0|1|0|0|0|
_______________________
|0|0|0|0|1|1|1|1|
To take away permissions you use ‘xor’:
<?php $user_perms ^= $perms['can_delete']; ?>
And this will happen:
|0|0|0|0|1|1|1|1| ‘xor’
|0|0|0|0|1|0|0|0|
_______________________
|0|0|0|0|0|1|1|1|
And delete permissions are gone!
Now let’s take away post permissions:
<?php $user_perms ^= $perms['can_post']; ?>
Thus:
|0|0|0|0|0|1|1|1| ‘xor’
|0|0|0|0|0|0|0|1|
_______________________
|0|0|0|0|0|1|1|0|
So this was just the basics; you can build on this and do more once you understand it.
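As an added example (not code from the original post), here is the same $perms bitmask wrapped in a few helper functions. It goes one step beyond the post: revoking clears the bit with ‘and not’ (& ~) instead of ‘xor’, because ‘xor’ toggles the bit and would silently grant a permission the user did not already have. The function names are my own.

```php
<?php
// Added example: helpers around the post's $perms bitmask (names are assumed,
// not from the original post). Requires PHP 7.4+ for the arrow function.

const PERMS = [
    'can_post'    => 1,  // 0001
    'can_comment' => 2,  // 0010
    'can_edit'    => 4,  // 0100
    'can_delete'  => 8,  // 1000
];

function perm_has(int $user_perms, string $name): bool
{
    return ($user_perms & PERMS[$name]) !== 0;   // bitwise 'and', as in the post
}

function perm_grant(int $user_perms, string $name): int
{
    return $user_perms | PERMS[$name];           // bitwise 'or', as in the post
}

function perm_revoke(int $user_perms, string $name): int
{
    // Clear the bit. Unlike "^=", this is a no-op when the bit is already 0.
    return $user_perms & ~PERMS[$name];
}

function perm_names(int $user_perms): array
{
    // array_filter keeps the keys, so array_keys yields the granted names.
    return array_keys(array_filter(PERMS, fn ($bit) => ($user_perms & $bit) !== 0));
}

// Walk through the post's scenario.
$user = 0;
foreach (['can_post', 'can_comment', 'can_edit'] as $p) {
    $user = perm_grant($user, $p);               // 7 = 0111
}
echo perm_has($user, 'can_post') ? "can post\n" : "cannot post\n";
echo perm_has($user, 'can_delete') ? "can delete\n" : "cannot delete\n";

$user = perm_grant($user, 'can_delete');         // 15 = 1111
$user = perm_revoke($user, 'can_delete');        // 7  = 0111
$user = perm_revoke($user, 'can_delete');        // still 7

// The xor pitfall: "taking away" a permission that is not set grants it.
$toggled = $user ^ PERMS['can_delete'];          // 15, delete is now granted
printf("perms=%d (%s), xor pitfall=%d\n", $user, implode(',', perm_names($user)), $toggled);
```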
I hope this post will help someone
Here is a simple script that will show you what IP addresses are making how many requests to your server.
<?php
## Functions ##

// Pull the first dotted-quad IPv4 address out of a netstat line.
function getIP($line) {
    // ereg() was removed in PHP 7; preg_match() does the same job here.
    if (preg_match("/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/", $line, $regMatch)) {
        return $regMatch[0];
    }
    return "false";
}

// Pad a string inside "[ ... ]" to a fixed width for column output.
function processString($string, $size = 18) {
    $string = "[ " . $string;
    $length = strlen($string);
    $toAdd = $size - $length;
    for ($x = 0; $x < $toAdd; $x++) {
        $string = $string . " ";
    }
    $string = $string . "]";
    return $string;
}

## Code ##
while (true) {
    // Column 5 of "netstat -n" is the foreign (remote) address.
    $cmd = "netstat -n | awk '{ print $5 }'";
    $netstatArray = array(); // exec() appends to this array, so reset it each round
    exec($cmd, $netstatArray);
    $ipArray = array();
    foreach ($netstatArray as $line) {
        $ip = getIP($line);
        if ($ip != "false" && $ip != "127.0.0.1") { // skip loopback
            if (array_key_exists($ip, $ipArray)) {
                $ipArray[$ip] += 1;
            } else { // if not, count=1
                $ipArray[$ip] = 1;
            }
        }
    }
    asort($ipArray);
    system("clear");
    foreach ($ipArray as $ip => $count) {
        if ($count < 15) continue;
        echo processString($ip);
        echo "\t" . processString(gethostbyaddr($ip), 55);
        echo "\tTimes Accessed: " . $count . "\n";
    }
    echo str_repeat("-", 50) . "\n";
    // -b (batch mode) is needed because exec() has no terminal attached.
    $top_str = array();
    exec("top -bn 1", $top_str);
    preg_match("#load average:(.+)#i", $top_str[0], $match);
    echo "Load Average: " . $match[1] . "\n";
    echo str_repeat("-", 50) . "\n";
    echo 'Showing $count >= 15: (Escape with ctrl+c)' . "\n";
    sleep(10);
}
?>
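As an added example (not the script above or its original author's code), here is the counting step on its own, generalised a little: it reads whole "netstat -n" rows instead of a dotted-quad regex, so it also handles IPv6 foreign addresses, skips both loopback addresses and returns only the hosts at or above a threshold. The sample rows are constructed for the demo.

```php
<?php
// Added example: count connections per remote host from "netstat -n" rows.
// Function names and the $sample rows are constructed, not from the post.

function remote_host(string $line): ?string
{
    $cols = preg_split('/\s+/', trim($line));
    if (count($cols) < 5 || !preg_match('/^(tcp|udp)6?$/', $cols[0])) {
        return null;                       // header or non-socket row
    }
    $foreign = $cols[4];                   // e.g. 203.0.113.7:51234 or 2001:db8::1:4000
    $pos = strrpos($foreign, ':');         // the port follows the last colon
    $host = $pos === false ? $foreign : substr($foreign, 0, $pos);
    return in_array($host, ['127.0.0.1', '::1'], true) ? null : $host;
}

function busy_hosts(array $lines, int $threshold): array
{
    $counts = [];
    foreach ($lines as $line) {
        $host = remote_host($line);
        if ($host !== null) {
            $counts[$host] = ($counts[$host] ?? 0) + 1;
        }
    }
    arsort($counts);                       // busiest first
    return array_filter($counts, fn ($c) => $c >= $threshold);
}

// Constructed sample output in "netstat -n" layout.
$sample = [
    'Proto Recv-Q Send-Q Local Address           Foreign Address         State',
    'tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED',
    'tcp        0      0 10.0.0.5:80             203.0.113.7:51235       ESTABLISHED',
    'tcp        0      0 10.0.0.5:80             203.0.113.7:51236       SYN_RECV',
    'tcp        0      0 10.0.0.5:80             198.51.100.9:4000       ESTABLISHED',
    'tcp6       0      0 ::1:80                  ::1:52000               ESTABLISHED',
    'tcp6       0      0 2001:db8::5:80          2001:db8::1:4000        ESTABLISHED',
];
print_r(busy_hosts($sample, 2));           // only 203.0.113.7 => 3
```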
After identifying the IP addresses that are sending many requests at once to crash your server, you can ban them using a firewall. I personally recommend APF: http://rfxnetworks.com/apf.php
You can do:
apf -d THEIPADDRESS SOMECOMMENTLIKEPOSSIBLEDOS
This script was originally written by a former employee of Acenet Inc and was modified by me. Acenet Inc is a great web hosting company with great support and fantastic staff members who will help you 24×7.
Here is some info about Denial of Service attacks (DoS attacks).
http://en.wikipedia.org/wiki/Denial-of-service_attack
I hope this helps someone.
Today, I saw a funny comment on a website:
<script> alert('0wn3d by X - X') </script>
<meta HTTP-EQUIV=Refresh CONTENT="0; URL=Some URL">
In case you don’t know about these types of attacks, an attacker will write this comment on a blog (or any sort of web application) and if the application doesn’t escape it before displaying it, this code will display an alert box and then redirect your visitors to whatever the URL is right away.
So again, if I visit this page, I see the alert box and will be redirected to another page on the Internet.
To prevent this, you will have to escape all user generated content before displaying it on your pages. In PHP:
function html_escape($str) { return htmlentities($str, ENT_QUOTES, 'utf-8'); }
In Python:
import html  # cgi.escape was removed in Python 3.8; html.escape is its replacement
# ...
def escape_html(value):
    # quote=True also escapes " and ' so the value is safe inside attributes
    return html.escape(value, quote=True)
These types of attacks are called Cross-Site Scripting or XSS:
http://en.wikipedia.org/wiki/Cross-site_scripting
Good Luck
Example usage:
<?php
require_once 'class_obfuscator.php';

$form_fields = array('username', 'password', 'email');
$obfuscator = new Form_Obfuscator($form_fields);
$obfuscator->set_secret_key('My Secret Key - ET8439FSKJ - EDIT THIS');

if (empty($_POST)) {
    $fields = $obfuscator->obfuscate();
    $enc_form = $obfuscator->encode_form();
?>
<form action="" method="post">
    Name:<br /><input type="text" name="<?php echo $fields['username']; ?>" /><br /><br />
    Password:<br /><input type="password" name="<?php echo $fields['password']; ?>" /><br /><br />
    Email:<br /><input type="email" name="<?php echo $fields['email']; ?>" /><br /><br />
    <input type="submit" />
    <input type="hidden" name="__A" value="<?php echo $enc_form; ?>" />
</form>
<?php
} else {
    foreach ($_POST as $key => $value) {
        $_POST[$key] = trim(strip_tags($value)); /* Filter input */
    }
    $form = $obfuscator->decode_form($_POST['__A'], $_POST);
    foreach ($form as $key => $value) {
        $form[$key] = htmlentities($value, ENT_QUOTES, 'utf-8'); /* Escape output */
    }
    echo "Username: {$form['username']}<br /> Password: {$form['password']}<br /> Email: {$form['email']}";
}
?>
This is a class I developed a while back while working on a project of mine and we already know that it’s very effective.
In order to understand what it does, you first need to understand how a browser sends a POST request.
When a user submits a form, the browser sends something like this to the server:
POST /somepage.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: THE LENGTH

username=blah&password=blah&email=some_email
There are 2 problems with this:
1 – Someone along the way can view the password and email address by looking at the packets that are going to the server. (take a look at Wireshark software)
2 – You can send automatic queries to servers, for example automated spam through contact forms works like this. (some spam software can also read Captcha images so you need more protection)
The class I developed will change this POST request to something like this:
POST /somepage.php HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: THE LENGTH

JDF8W9JHF=blah&OEROWF83=blah&VLKDSFOE=some_email
Note that the field names are changed to random strings, and they also change every time the form is shown, so:
1 – Even if a user in the middle can see the packets, he/she won’t know that OEROWF83 stands for “password”.
2 – A spam software won’t have a way of guessing the field names because they are random every time. There is also a secret encryption key which only you know.
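The class file itself (class_obfuscator.php) is not part of this post, so here is an added example of one way to implement the four methods the usage above calls; it is my sketch, not the author's class. It signs the random-name map with an HMAC over the secret key so a client cannot substitute its own mapping; the field values themselves still travel in clear text, and only TLS protects them on the wire.

```php
<?php
// Added example: a hypothetical Form_Obfuscator matching the usage above
// (obfuscate, encode_form, decode_form, set_secret_key). Requires PHP 7.4+.
class Form_Obfuscator
{
    private array $fields;
    private string $secret = '';
    private array $map = [];

    public function __construct(array $fields) { $this->fields = $fields; }

    public function set_secret_key(string $key): void { $this->secret = $key; }

    // Pick a fresh random name for every field each time the form is rendered.
    public function obfuscate(): array
    {
        $this->map = [];
        foreach ($this->fields as $f) {
            $this->map[$f] = 'f' . bin2hex(random_bytes(6));
        }
        return $this->map;
    }

    // Serialise the name map and sign it; goes into the hidden "__A" field.
    public function encode_form(): string
    {
        $payload = base64_encode(json_encode($this->map));
        $mac = hash_hmac('sha256', $payload, $this->secret);
        return $payload . '.' . $mac;
    }

    // Verify the signature, then translate the random names back to real ones.
    public function decode_form(string $token, array $post): array
    {
        [$payload, $mac] = array_pad(explode('.', $token, 2), 2, '');
        $expected = hash_hmac('sha256', $payload, $this->secret);
        if (!hash_equals($expected, $mac)) {
            throw new RuntimeException('form token was tampered with');
        }
        $map = json_decode(base64_decode($payload), true) ?: [];
        $form = [];
        foreach ($this->fields as $f) {
            // Missing or unknown fields decode to an empty string.
            $form[$f] = isset($map[$f]) ? ($post[$map[$f]] ?? '') : '';
        }
        return $form;
    }
}
```

Because the signed token is valid indefinitely, a bot that fetches the form once can replay that token with its field names; adding a timestamp to the signed payload and rejecting old tokens is the natural next step.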
Questions and comments are welcome