I am making a CMS which can be extended by third-party developers. In the past I have had problems with newbie developers ignoring security altogether. When they put their modules on my website, they are potentially compromising users' websites.
I want to create a globals object. This will overwrite all globals with a sanitized copy. This could cause issues, so this object will also provide an option to get unsanitized data.
This way, by default, developers could theoretically do something like this and its effect wouldn’t be as bad as it usually would be. (Obviously this would still potentially cause problems; however, tables won’t be dropped and data won’t be exposed.)
mysql_query("INSERT INTO users (`name`) VALUES ('{$_POST['name']}')"); // raw POST value interpolated straight into the SQL string
This doesn’t protect against developers who intentionally try to break things. However, it will help eliminate basic mistakes.
The end object would be accessed as follows.
$_POST['key']; // Provides sanitized version of the post key.
$obj->post('key'); // Provides sanitized version of the post key.
$obj->post_raw('key'); // Provides unsanitized version of the post key.
What do people think about this approach? Is there a proven ‘escape all’ function floating around that would achieve this?
You’re basically talking about reimplementing magic_quotes_gpc. It didn’t go that well when Zend did it.

The largest problems are 1) different forms of data protection are necessary for different contexts, and 2) if somebody is too much of a noob to do elementary data security, they’re definitely too much of a noob to understand what data your auto-protection mechanism has been applied to and which it hasn’t. (They will source data from places your mechanism does not and cannot touch; take this as a given.)
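The following is an added example, not code from the question or the answer, that puts the answer's first point next to the question's proposed wrapper. It keeps a request object that hands back the raw value (the `post_raw` idea) and applies the escaping at the point of use, once per output context, instead of a single "escape all" pass at input time. The `Request` class, `forHtml`, `forUrlParam` and `insertUser` names are illustrative and not a real CMS API; the sample form field is constructed, and the SQL part uses an in-memory SQLite database, which assumes the `pdo_sqlite` extension is loaded.

```php
<?php
declare(strict_types=1);

// Illustrative request wrapper: it stores submitted values untouched and
// deliberately has no "sanitized" accessor, because the correct escaping
// depends on where the value is about to be used, not on where it came from.
final class Request
{
    /** @var array<string,string> */
    private array $post;

    public function __construct(array $post)
    {
        $this->post = $post;
    }

    // Raw value exactly as submitted; escaping is deferred to the output context.
    public function postRaw(string $key, string $default = ''): string
    {
        return isset($this->post[$key]) ? (string) $this->post[$key] : $default;
    }
}

// HTML text/attribute context: entity-encode so markup in the value stays inert.
function forHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL query-string context: percent-encode.
function forUrlParam(string $value): string
{
    return rawurlencode($value);
}

// SQL context: the value never becomes part of the statement text; it is bound.
function insertUser(PDO $db, string $name): void
{
    $stmt = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// Constructed sample input, shaped like a submitted form field.
$request = new Request(['name' => "<b>O'Reilly</b> & Sons"]);
$name = $request->postRaw('name');

// What an input-time "escape all" pass (addslashes, i.e. magic_quotes_gpc) produces:
// the quote gets a backslash, but the HTML tags and ampersand are untouched,
// so the value is still unsafe for an HTML context and wrong for a SQL bind.
$magicQuoted = addslashes($name);
echo "escape-all at input: " . $magicQuoted . PHP_EOL;

// Context-specific escaping applied at the point of use.
echo "html context:        " . forHtml($name) . PHP_EOL;
echo "url context:         " . forUrlParam($name) . PHP_EOL;

// SQL context via a bound parameter on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
insertUser($db, $name);

// The stored value round-trips unchanged: no stray backslash, no truncated quote.
$stored = $db->query('SELECT name FROM users')->fetchColumn();
echo "stored via binding:  " . $stored . PHP_EOL;
echo "round-trip intact:   " . ($stored === $name ? 'yes' : 'no') . PHP_EOL;
```

Run it with `php example.php`. The three `echo` lines for the same input show why one input-time transform cannot serve every sink: the `addslashes` form is what magic_quotes_gpc delivered, and it is neither HTML-safe nor what a bound SQL parameter should receive (it would store the backslash). Keeping the wrapper raw and escaping per context is also what makes the answer's second point manageable: a developer who pulls data from a cookie, a file or a database row instead of `$_POST` still goes through the same `forHtml` or prepared statement at the output, so the protection does not depend on which source the wrapper happened to cover.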