How do i make $_GET more secure.?

Question

I am using the get method to perform some operation like, approve, markasspam, delete, for commenting system. i know it is highly insecure to go this way but i cannot help it ou

Answer 1

You shouldn't use GET for any operations that change data on server. NEVER. You use it only to get data.

If you can't use forms for operation buttons (because there is another form outside them) you should consider this design:

• You use AJAX to perform POST requests to your server
• In javascript-disabled environments you use GET links like user.php?action=delete, which shows you very simple form on a separate page. The header in the form asks: "Are you sure you want to delete user X?" and it has two buttons: 1) "Yes" - that submits POST request to operation script, 2) "No" - which sends user back to the page where he has been

Answer 2

Whether you use GET or POST parameters here doesn't matter much in this context - what the script needs first is some sort of authentication. (After that is done, you can go into security details where GET is slightly less secure than POST - see the comments for details.)

I'd say you have two options:

• Protecting the entire script using .htaccess - no changes needed to the script itself

• Introducing PHP side user authentication and perform the operations only if a logged in user makes the request. Needs fundamental changes to the script but is most flexible.

Re your edit:

It turns out your script is already protected. In that case I assume you are uncomfortable with incremental ID numbers turning up in the URLs, getting cached in the browser etc. etc. The usual solution to that is to generate a random key for each comment when it is created (in addition to the incremental ID). That key gets stored in a separate column (don't forget to add an index) and you'd match against that.

A step even further would be to create temporary hashes for every action, which is the ultimate protection against a number of outside attacks.

Re your edit about using one-time hashes:

I've never implemented one-time hashes in an admin interface yet so I have no experience with this, but I imagine that a very simple implementation would store action hashes in a separate table with the columns hash, record and action. Whenever your tool lists a number of records and outputs "delete / approve / unapprove" links, it would generate three record in the hash table for each comment: One for delete, one for approve, one for unapprove. The "delete / approve /unapprove" links would then, instead of the record ID and command, get the correct hash as the only parameter.

Add a time-out function for unused hashes (plus delete any hashes that were actually used) and you're done.

Answer 3

You can do it that way, the $_GET is not the unsecure thing in your code. The unsecurity comes from you not checking wether the user is e.g. authorized to delete comments.

In your current code, anyone can delete anything at anytime and as often as they want.

If you have a wrapping code that ensures the if-statements postet by you are not executed if enter good reason here, then it's okay.

But you should try verifying, that the content of the parameters are really integers instead of just int_val'ing them and using them directly on the database.

On your edit

You should check your parameter is really an int. intval("test") will also return an integer, mostly 0.

You might consider regex for that, to verify the string only consists of numbers: preg_match('/[0-9]+/', $_GET['id']);

If so, you can perform the action.