In an object-oriented PHP application, do I need to use an authentication check in almost every public method in my application for security?
I’m worried about this vulnerability: CWE-306: Missing Authentication for Critical Function
How could anyone call my public methods, even if I use the static keyword?
What are the requirements for this attack to succeed?
Like some other vulnerability – like allowing PHP file uploads to my system?
As the article states, this won’t be a problem if you structure your application properly. Whether your class has public or private methods is not the issue here; the problem is that the pathways into your application are not secured.
Your application should be structured so that it provides only a single point of entry. Any request to any file should be routed through your main file. None of your other PHP files should be accessible directly. When you structure it this way, it’s easy for you to apply your authentication, as you would be able to examine each request that comes to your application and identify which need to be authenticated and which can be served publicly.
Have a look at this pattern: http://en.wikipedia.org/wiki/Front_Controller_pattern
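As an added illustration of the single-entry-point structure the answer describes (this is example code written for this page, not code from the question, the answer or any project), the front controller below performs the authentication decision once, per request, before any controller method is called. Routes are denied unless explicitly registered as public, so a new route that forgets to say anything is protected by default. The route names, controller classes, and the `$_SESSION['user']` layout are assumptions for the illustration.

```php
<?php
// Added example: a minimal front controller (index.php) that enforces
// authentication centrally. Route names, controller classes and the
// session layout ($_SESSION['user']) are assumptions, not from the post.
declare(strict_types=1);

final class Router
{
    /** @var array<string, array{handler: callable, public: bool}> */
    private array $routes = [];

    // Routes are private unless explicitly registered as public (deny by default).
    public function add(string $path, callable $handler, bool $public = false): void
    {
        $this->routes[$path] = ['handler' => $handler, 'public' => $public];
    }

    public function dispatch(string $path, ?array $user): string
    {
        if (!isset($this->routes[$path])) {
            http_response_code(404);
            return "404 Not Found\n";
        }
        $route = $this->routes[$path];
        // The one place the authentication check lives: every request passes here.
        if (!$route['public'] && $user === null) {
            http_response_code(401);
            return "401 Unauthorized\n";
        }
        return ($route['handler'])($user);
    }
}

// Application classes: their public methods contain no auth checks of their own,
// because nothing reaches them except through Router::dispatch().
final class AccountController
{
    public static function show(?array $user): string
    {
        return "Account page for {$user['name']}\n";
    }
}

final class HomeController
{
    public static function index(?array $user): string
    {
        return 'Welcome' . ($user ? ", {$user['name']}" : '') . "\n";
    }
}

function buildRouter(): Router
{
    $r = new Router();
    $r->add('/', [HomeController::class, 'index'], public: true);
    $r->add('/account', [AccountController::class, 'show']); // login required
    return $r;
}

// Resolve the logged-in user from the session (assumed layout: $_SESSION['user']).
function currentUser(): ?array
{
    return $_SESSION['user'] ?? null;
}

if (PHP_SAPI === 'cli') {
    // Constructed requests so the script demonstrates itself offline.
    $router = buildRouter();
    $_SESSION = [];
    echo $router->dispatch('/account', currentUser());       // 401 Unauthorized
    $_SESSION['user'] = ['name' => 'alice'];
    echo $router->dispatch('/account', currentUser());       // Account page for alice
    echo $router->dispatch('/', null);                       // Welcome
    echo $router->dispatch('/AccountController.php', null);  // 404 Not Found
} else {
    // Real request: the web server must rewrite every URL to this file.
    $path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
    session_start();
    echo buildRouter()->dispatch($path, currentUser());
}
```

The pattern only holds if the web server actually sends every request to this file (an Apache rewrite rule or an nginx `try_files` directive pointing at `index.php`) and the controller classes live outside the document root, so that a direct request for `AccountController.php` cannot reach PHP at all; otherwise the "404" branch above is the only thing standing between a client and the bare class files. Run the script from the command line to see the four constructed requests take the unauthenticated, authenticated, public and unknown-route paths.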