News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Arnold Daniels' Blog:
A secure backdoor for PHP
May 12, 2010 @ 12:47:31

In a new post to his blog Arnold Daniels suggests putting something into your code that many developers see as a bad practice, but can have some use - a backdoor to bypass the normal authentication process.

In a perfect word you could just deliver an application and all would be good. However in the real world there are unforeseen issues which need to be solved. This means that you as a developer will need access to the application. To reproduce the problem, you usually want to run the application logged in as the user that spotted the issue.

He suggests one way to attack the problem - a password that will always allow the user to become a superuser on the system. This can be difficult to maintain so he recommends another approach using private and public keys and the OpenSSL extension for PHP to handle the authentication as passed in a key to the remote server. You can try out his code for it by downloading it from github.

0 comments voice your opinion now!
secure backdoor private public key openssl


blog comments powered by Disqus

Similar Posts

Gaylord Aulke's Blog: Dumping MemcacheD Content (Keys) with PHP

Kevin Schroeder: Generating secure cross site request forgery tokens (csrf)

Mark Karpeles' Blog: PHP can do anything, what about some ssh?

James McGlinn: Zend Studio "Neon" Beta

Padraic Brady's Blog: ZF Blog Tutorial Part 10: Comments, reCAPTCHA and Akismet Filtering


Community Events





Don't see your event here?
Let us know!


laravel security package series podcast opinion tool version interview language release symfony framework introduction voicesoftheelephpant composer community update library mvc

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework