Comments on: login (security through obscurity) – weird PHP script

By: Sandeep nain

Sandeep nain — Mon, 10 Sep 2007 01:37:43 +0000

Yes you are right and thats what Backbone has tried to explain above.

he clearly mentions that in the script he has given you need not to do that…

Backbone said:
As far as I see through this method there is no SQL Injection possibility, no need of mysql_real_escape_string() or to worry about hex encoded strings, etc

and he is trying to implement security through obscurity…

By: Sank

Sank — Sun, 09 Sep 2007 20:15:27 +0000

As long as you remove quotes and slashes and whatnot, you should be able to prevent the injection.

By: Sandeep nain

Sandeep nain — Sun, 09 Sep 2007 07:15:30 +0000

Hi sank

Yes you are right he could have used the method you suggested (and most of the developers use it the same way) but it opens up the chances of sql injection..

where as the script written by backbone reduces that risk but on the other hand this script lacks performace… As this script gonna give a shocking performance on a table with 1000s of users….

irony is …. he got a prize for this script… but still its a good try from his side

By: Sank

Sank — Sun, 09 Sep 2007 03:35:31 +0000

I don't understand why you go through the trouble of looping instead of just letting the database do it for you? $build = "SELECT * FROM usr WHERE uname='".$uname."' AND passwd='" .md5($passwd). "'; If zero rows returned, done. Else 1 row returned, done.

By: secure PHP login script « Insane Security

secure PHP login script « Insane Security — Thu, 02 Aug 2007 02:11:24 +0000

[...] 2nd, 2007 This is the finalization of the insane idea I had when publishing the login (security through obscurity) – weird PHP script, idea that could not have been finalized without the post that Stephen did as a response to [...]

By: bl

bl — Mon, 07 May 2007 17:22:33 +0000

I agree with those that think this is a bit overkill and think that there are better solutions.

1. Loop through the results like the person said above.

2. Use mysql_real_escape_string() Like someone else said

3. or, don’t allow anything except for word chars in their username, and use preg_replace(’/[^\w]/’, ”, $usr);

That will strip any non-word chars out thus sanitizing it on the way in, which is a technique used time and time again.

I admit though, it is pretty clever.

By: UndiFineD

UndiFineD — Thu, 03 May 2007 22:25:48 +0000

Hmmm,
I’ve been out of the lamp loop for a while…

moved on to data centre management.

oh and my login script was for an intranet environment,
just to be clear on the query mess.
Still, I think this is an ok solution, for some situations.
And creativety should be sponsored and welcomed with open arms.
There aren’t enough developers and designers and some them lack proper guidans thru proper management and training.

By: backbone

backbone — Thu, 03 May 2007 20:14:58 +0000

10x UndiFineD added that to the loop… as I knew just really old,old,old while(1) { write(’old’); } versions of PHP where vulnerable to this…

By: UndiFineD

UndiFineD — Thu, 03 May 2007 14:01:14 +0000

He man, that was a great idea.
Unfortunatly there was a little flaw when I wrote it like this 2 years ago.

Some employees had the same password.
That was a sad day for me
I solved it by comparing an array of userids in a loop.
until the userid was found or the array was empty.

set your $ok=0; in the loop, this helps against
login.php?$ok=1

stay creative

By: backbone

backbone — Thu, 03 May 2007 13:06:54 +0000

that’s how my logic works…. why do you think it’s a weird script? …anyway I’ve put your double equals, don’t blame me if I use to write single equals…