All geek questions in one place

PHP Checksum before include ()

I am working on an application that will allow you to create third-party extensions to extend the functionality of the application. All this in PHP, of course. I wanted to add some security extras by running files in a specific directory through the checksum function. If the file does not transmit the checksum, the file is not included, the administrator for this installation is notified, and the module is disabled until the administrator acts (re-enables and writes the exception or reinstalls the module).

The problem I'm currently facing is the ability to run this checksum whenever a user runs a function include(). I would prefer that they do not run the two functions back, just to include the file, but if I need to do this. Not all third-party extensions will be very willing to run two functions (something like if(checksum_function($bleh)) include($bleh);), and even if they were, it would be much easier (and more secure) to run a checksum whenever it is executed include(), instead of doubling the number of lines for statements include().

I worked a little and did not find much. Ideas? Thanks in advance!

+3
source share
4 answers

, (, MyPlugin_Text), PHP . , .

:

function __autoload($class_name) {

  require_once $class_name . '.php';
}

$myTextPlugin = new MyPlugin_Text();

, , . , MyPlugin_, .

, , -.

. - , crc32() - . , , . , PHP , , . , , .

0

include:

function include_safe($library) {
    if(checksum_function($library))
        include($library);
}

, "" , , PHP- (, include require). , , , , , .

0

, RSA Digital Signature. "" , , , . . , , .

php ( ). , , , .php. . php , .

PHP- , , , . , , . , . RSA . , 512- RSA SSLv3, , , .

MD5 . "" md5, . md5, include() php <?php ?>.

CRC , md5. CRC -. CRC . md5, a , CRC .

sha1 - -, . , sha1. md5 sha1 collsion NIST - . sha256 .

0

, - , .

, - - .

, , , .

You can also check all plugins once a day to see if it has been changed ... but it's hard to make it safe, since any change to the plugin during installation can also change your security features.

0
source

Source: https://habr.com/ru/post/1754758/

More articles:


All Articles