  #1  
Old 30-10-2009
Member
 
Join Date: Sep 2009
Posts: 177
Display menu according to session and security

Early security issues:

I have a site with authentication (two different types of users). Thus, according to the type of user logged on, I want to display a specific menu.

When the user logs in, I open a session and assign him his rights (e.g. $_SESSION['right_user'] = admin or user...)

Then when I open the page I retrieve the value from the session and compare it:
Code:
// Choose the menu from the role stored in the session at login
switch ($_SESSION['right_user']) {
    case "admin":
        include("menu_admin.php");
        break;
    case "user":
        include("menu_user.php");
        break;
}
My questions:
1 - Is using "include" with session variables secure? If it is not secure, then what do you offer me?
2 - From a security point of view, are the session variables well protected?
  #2  
Old 30-10-2009
Member
 
Join Date: Apr 2008
Posts: 2,001
Re: Display menu according to session and security

1 - Yes, you can do that to test the contents of $_SESSION['right_user'] (you know where and how it is changed)
2 - Yes. The issue is rather the point where the value of the variable is changed. If the user can act on the scripts that update the session variables, you have a risk.
  #3  
Old 30-10-2009
Member
 
Join Date: Sep 2009
Posts: 177
Re: Display menu according to session and security

Thank you for your reply.

How can a user act on the scripts? I am trying to document myself as much as possible on the flaws of websites; can you provide an explanation or anything else that can be used to protect a website?
  #4  
Old 30-10-2009
XSI
Member
 
Join Date: May 2008
Posts: 271
Re: Display menu according to session and security

You just need to verify in menu_admin.php that your session is an admin one ...

Beyond that, as for flaws, everything that comes from the user is a potential hole (i.e. not necessarily reliable):
- The user agent
- The IP address
- The downloaded file
- The contents of $_POST
- The contents of $_GET
- ...

In short, everything where your client does not just read a page, but interacts with it.
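The checks suggested in the replies above, as an added example that is not code from the thread: the menu file is taken from a fixed allow-list keyed by the session role, and the admin menu re-checks the role itself. The function names menu_for_session and require_role and the sample sessions are hypothetical; the file names and the right_user key are the original poster's.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1 or later.

// Fixed allow-list: role value => menu file. The include path is always one
// of these constants and is never built from session or request data.
const MENU_FILES = [
    'admin' => 'menu_admin.php',
    'user'  => 'menu_user.php',
];

// Return the menu file for the session's role, or null when the role is
// missing, is not a string, or is not in the allow-list.
function menu_for_session(array $session): ?string
{
    $role = $session['right_user'] ?? null;
    if (!is_string($role) || !array_key_exists($role, MENU_FILES)) {
        return null;
    }
    return MENU_FILES[$role];
}

// Guard to call at the top of menu_admin.php itself, so a direct request to
// that file from a session without the admin role is refused.
function require_role(array $session, string $needed): bool
{
    return ($session['right_user'] ?? null) === $needed;
}

// Constructed sample sessions: two valid roles, an unknown role, a value of
// the wrong type, and a session with no role at all.
$samples = [
    ['right_user' => 'admin'],
    ['right_user' => 'user'],
    ['right_user' => 'root'],
    ['right_user' => ['admin']],
    [],
];

foreach ($samples as $s) {
    printf(
        "%-26s menu=%-15s admin_guard=%s\n",
        json_encode($s),
        menu_for_session($s) ?? 'none',
        require_role($s, 'admin') ? 'pass' : 'deny'
    );
}
```

In the real page the call would be made on $_SESSION after session_start(), and the role would be written to the session only by the login script once the credentials have been checked.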