duanqian3464 2017-01-14 02:03
浏览 72

新公司的网络安全 - 我这样做了吗?

I've been working on a social media management tool company for the last eight months. This will be the first major website I release and I have concerns about its security and systems. Obviously security must be a very high priority as my target customers are businesses and individuals who are looking to grow their social followings. If my company's site gets hacked and any of my client's profiles get accessed it would destroy any reputation I had built up and massively slow down progression of the company. So today I'm wanting to share with you all how I wrote the site and see if there are any security flaws I could run into, or if there's a better way to write any of the systems I have in place.

Server systems (Java side of things)

When I first started working on this company I mainly knew Java as I worked with it in a few previous jobs. While other languages may be similar and more powerful, such as C++, I decided to stick to what I knew best. I felt like I still made the correct choice when I was 30,000+ lines in as my servers were running with every little CPU usage and only using 11% - 24% of it's allocated 64MBs of memory. Figured switching at any point to C++ or similar wouldn't be worth the time for such little possible performance improvement.

I have a server running for each social profile. If a client has an account with a Facebook page and two Twitter accounts there will be three servers running for that client. Each one will load specific modules of my software depending on the social platform (Facebook vs Twitter etc). The reason why I wanted one server per social profile is that some payment plans could add more and more social profiles. With more and more social profiles I'd need more and more resources to run that server. I'd rather have the minimum assigned to each social profile server than have to constantly adjust the performance of one large server for a client with 13 social profiles (as an example). Another benefit is to be able to easily remove social profiles, or to "overflow" servers to another box if my current box becomes full and a client request another social profile server. If I would need to expand a large server due to increase request in social profiles on an already full box that may become messy. Is this wrong to do? Is there any flaws in my logic here?

These servers will handle the jobs of post scheduling, listening for "social events" (new followers, direct messages etc) and reacting accordingly to them based on my site's features.

Account registration

I have the typical registration system with an email, a password and a confirm password. I currently don't have a confirm email system but of course that'll be added before launch. Would having a "remember me" option open up any security flaws? If so what ones and what actions could I take to prevent them?

My current system doesn't use MySQL in PHP at all. I use socket communication to send the information to my Java servers to create an account in my MySQL database. There's a Java server used just for "general" communication that isn't meant to be for a specific social profile. The main reason for wanting to create an account on the Java side instead of in PHP is that once I add iOS and Android apps I can easily sent the same sockets to create an account within the app. Would sending sockets to communicate to a Java server to run the MySQL query cause any problems?

What is the absolute most correct and secure way to handle account registration?

Server to browser communication

I am using AJAX to communicate with a PHP script that uses sockets to communicate with my Java servers. Here's a basic example of an AJAX call:

$(document).on("click", ".trash", function() {
    //TODO: Add a "are you sure" pop up
    var element = $(this).closest(".scheduleddata");
    var socialCount = element.attr("socialcount");
    var botIndex = element.attr("botid");
    element.css("display", "none");
    element.html("");
    $.ajax({
        url: "/client.php",
        type: "POST",
        dataType: "JSON",
        data: {
            packet: "62:" + botIndex,
            socialCount: socialCount
        },
        timeout: 15000,
        async: true
    });
});

Packet ID "62" is meant to delete a scheduled post. Each bot index is a completely unique identifier for each scheduled post. The social count is a counter for each social profile attached to that client's account. For example if I have four social profiles linked to my account I could communicate with a server that has a social count of 1 - 4. If a friend of mine makes an account and links two social profiles to their account, they can communicate with social counts 1 - 2. So the social count is only unique to each client's account. It could be completely possible to make the social counts completely unique. Using the previous example I'd have access to social counts 1 - 4 and my friend would have 5 - 6. Would that be a more ideal system to prevent possible attackers from knowing that social count #1 would always exist?

There is a client/account ID as well, as expected it is the auto incrementing integer in the accounts MySQL table. I used to require the client ID to be sent in the data of the AJAX calls but then I learned that anyone could then communicate with any servers on my service through AJAX and that's obviously not good at all. Currently I have the client ID stored in a PHP session variable when they login. So because I have the first account ever created on the site my client ID is 1, a friend of mine who is helping me test is 2, etc. The client ID is never displayed, loaded, stored, or used anywhere but the session variable. Is there any security flaws to this? If someone could edit that variable and sent the right packets they could communicate with other client's social profiles and that's not good obviously.

For my client.php code I load the address and port of the targeted server:

<?php
if(isset($_POST['packet']) && isset($_POST['socialCount'])) {
    $socialCount = $_POST['socialCount'];
    if($socialCount > 0) {
        echo json_encode(client::send(strip_tags($_POST['packet']), null, -1, $socialCount));
    }
}

class client {
    public static function send($message, $address, $clientID, $socialCount) {
        if(!isset($_SESSION)) {
            session_start();
        }
        $message = strip_tags($message);
        if($clientID == -1) {
            $clientID = 0;
            if(isset($_SESSION['client_id'])) {
                $clientID = $_SESSION['client_id'];
            } else {
                return null;
            }
        }
        $message .= "
";
        $port = 3000;
        if(isset($_SESSION["location"][$clientID][$socialCount])) {
            $location = explode(":", $_SESSION["location"][$clientID][$socialCount]);
            $address = $location[0];
            $port = $location[1];
        } else {
            if($address == null) {
                if($clientID == 0 || $socialCount == 0) {
                    $address = "localhost";
                } else {
                    $reply = client::send("14:" . $clientID . ":" . $socialCount, "localhost", 0, 0);
                    if(strcmp($reply, "-1") == 0) {
                        $address = "localhost";
                    } else {
                        $result = explode(':', $reply);
                        $address = $result[0];
                        $port = $result[1];
                    }
                }
            }
            $_SESSION["location"][$clientID][$socialCount] = $address . ":" . $port;
        }
        $socket = socket_create(AF_INET, SOCK_STREAM, getprotobyname('tcp'));
        try {
            socket_connect($socket, $address, $port);
            $message = utf8_encode($message);
            $status = socket_sendto($socket, $message, strlen($message), MSG_EOF, $address, $port);
            if($status != false && $next = utf8_decode(socket_read($socket, $port)))  {
                return substr($next, 2);
            }
        } catch(Exception $e) {

        }
        return null;
    }
}
?>

I feel like most of this code could be improved, I wrote it when I first started learning PHP so please excuse any sloppyness. I am currently storing the returned address:port into a session variable so I only have to load it once. There are some parts of the company that send packets to external servers that my clients set up. So the address/port of their social profile would be public information anyways. I'm blocking incoming communication from IP addresses that are not "whitelisted". These "whitelisted" IPs will be all of my own boxes for now. So I will just be sending packets and not receiving them ideally. Are there any problems with this system?

On a side note, I believe the way Java and PHP encode unicode is different. Whenever I encode unicode and send it from the Java server to the PHP server and I decode it, it doesn't work. How could I fix this problem? I've been having problems figuring this one out for months.

Security measures already in place

As you saw above I'm already using strip_tags and removing all things I can from AJAX calls. I am also buying a standard SSL from GoDaddy, and I'll be upgrading to their most powerful SSL plan once the company starts turning a decent profit.

What are some other basic security that I should be implementing into my site?

Conclusion

As you can see for the type of company I'm trying to launch it seems that security is very important. I'd absolutely love to hear any input and advice anyone has. Thank you to anyone who spent the time to read the full post!

  • 写回答

0条回答

    报告相同问题?

    悬赏问题

    • ¥15 求差集那个函数有问题,有无佬可以解决
    • ¥15 【提问】基于Invest的水源涵养
    • ¥20 微信网友居然可以通过vx号找到我绑的手机号
    • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
    • ¥15 解riccati方程组
    • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
    • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
    • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
    • ¥50 树莓派安卓APK系统签名
    • ¥65 汇编语言除法溢出问题