Summary
In Chapter 15, we continued our discussion of script vulnerabilities, focusing here on protecting temporary files.
We began with a discussion of the importance of temporary files, including their locations, their permanence, and the risks they present, both for exposing your private data, and for presenting an opportunity for an attacker to hijack your file and substitute one of his own.
After an example of such an exploit, we turned to discussing various ways to prevent such abuse: securing network connections, creating unguessable filenames, restricting permissions, and writing to and reading from known files only.
Finally, we provided a model for a test of your protection against attempts to hijack temporary files.
In Chapter 16, we will move on to the last stage in our survey of ways to keep your application scripts as secure as possible; there we will discuss securing scripts in order to prevent session hijacking.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Rights and permissions
Copyright information
© 2005 Chris Snyder and Michael Southwell
About this chapter
Cite this chapter
(2005). Enforcing Security for Temporary Files. In: Pro PHP Security. Apress. https://doi.org/10.1007/978-1-4302-0057-4_15
Download citation
DOI: https://doi.org/10.1007/978-1-4302-0057-4_15
Publisher Name: Apress
Print ISBN: 978-1-59059-508-4
Online ISBN: 978-1-4302-0057-4
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books