Difference between #1 and #2 of More security in your applications with Yii and PHPIDS

changed
Title
More security in your applications with Yii and PHPIDS [automatic
translation]
unchanged
Category
How-tos
unchanged
Tags
phpids, security
changed
Content
PHPIDS is a well-known project that can be found at [php-ids.org](http://php-ids.org "php-ids.org").

PHPIDS is an intrusion detection system. Based on its IDS rules, it
recognizes attacks by filtering the information sent to the system and
returns a rating and a report of what is considered a potential attack.
From this information the system can react to the attack: send e-mail
alerts, generate detailed logs, block the user, build a black list, etc.

The PHPIDS project has been wrapped as a Yii application component and
can be downloaded at
[http://www.yiiframework.com/extension/phpids/](http://www.yiiframework.com/extension/phpids/ "http://www.yiiframework.com/extension/phpids"),
along with its installation and usage instructions.

This how-to covers its installation and, in more detail, some of its uses.

This component was tested on versions 1.1.5 and 1.1.4 with PHP 5.2. At the
time this how-to was written, the current version of the component is 0.2.

**1) Installation**
----------------- 

Download the latest version of the PHPIDS component from
[http://www.yiiframework.com/extension/phpids/](http://www.yiiframework.com/extension/phpids/ "http://www.yiiframework.com/extension/phpids/")

Unzip the file into .../webapp/protected/components/ids

Make the directory .../components/ids/IDS/tmp writable

Update your main.php in .../protected/config
~~~
[php]
...
// 'preload' => array('log'),
'preload' => array('log', 'ids'),
...
'components' => array(
    ...
    'ids' => array(
        'class' => 'application.components.ids.CPhpIds',
    ),
),
~~~

Add the component 'ids' to the preload index of your application config.
In components, add the component 'ids' and its settings. The file
above is the minimum needed for 'ids' to operate.

All application forms will be filtered by PHPIDS: the variables
$_REQUEST, $_GET, $_POST and $_COOKIE are checked against the attack
types described in the IDS detection rules. If a potential attack is
detected, the application is stopped before the request is processed,
an exception is thrown with a generic error message that gives no
details to the attacker, and a detailed log is generated.

This log is generated through Yii's Log application component, so an
attack can be sent by e-mail (EmailLog), stored in a database or a
file, or simply displayed in the browser with the WebLog.
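
A log-router configuration matching the destinations named above, as an added example rather than configuration shipped with the extension. The log levels, file name and e-mail address are assumptions or placeholders; `CWebLogRoute` is limited to debug mode because it prints log entries into the page returned to the requester.

```php
<?php
// Added example for protected/config/main.php.
// Assumption: CPhpIds logs at 'error' or 'warning' level; adjust 'levels'
// (or add 'categories') to match what the component actually emits.
return array(
    'preload' => array('log', 'ids'),
    'components' => array(
        'ids' => array(
            'class' => 'application.components.ids.CPhpIds',
        ),
        'log' => array(
            'class' => 'CLogRouter',
            'routes' => array(
                // Local record of every detection.
                array(
                    'class' => 'CFileLogRoute',
                    'levels' => 'error, warning',
                    'logFile' => 'ids.log', // constructed file name
                ),
                // E-mail alert to whoever handles incidents.
                array(
                    'class' => 'CEmailLogRoute',
                    'levels' => 'error, warning',
                    'emails' => array('security@example.com'), // placeholder address
                    'subject' => 'PHPIDS alert',
                ),
                // Shown in the browser: development only, otherwise the
                // detection details reach the person who sent the request.
                array(
                    'class' => 'CWebLogRoute',
                    'levels' => 'error, warning',
                    'enabled' => YII_DEBUG,
                ),
            ),
        ),
    ),
);
```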


We can go further in the configuration. A simple detail is the message
that is sent to the attacker:
~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    'genericMessage' => 'Unexpected error!', // Message sent to the attacker
),
...
~~~

The goal is that this message does not give details about the attack,
nor inform the attacker that his attack was detected. The handling is
done internally by the application: sending emails or alerts, or simply
blocking the user.

This message does not enter the log; the details of the attack are
generated and sent to the logging component.

**2) Reacting to the attack:** 
---------------------- 

~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    'genericMessage' => 'Unexpected error!', // Message sent to the attacker
    // Called when an attack is detected; it must end the request itself
    'callback' => create_function('', "echo 'Error!'; Yii::app()->end(); return false;"),
),
...
~~~

The callback parameter receives a valid callback; see the
call_user_func function in the PHP Manual. It can be a function, or a
class and the method that should be called. In the above example we
create a simple function that prints an error and terminates the
application.

Through this configuration, the developer can handle detected attacks
in a better way: sending emails and alerts, creating a black list,
removing user access, ending the session, etc.
After the callback has been processed, the component's default
exception will **not** be thrown, so ending the request is the
responsibility of the developer, using the function / method passed as
callback.

**3) Enabling / Disabling** 
---------------------------- 
~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    'genericMessage' => 'Unexpected error!', // Message sent to the attacker
    'callback' => create_function('', "echo 'Error!'; Yii::app()->end(); return false;"),
    // Run the IDS check on every request except the site/contact route;
    // a request without "r" is checked as well
    'enable' => create_function('', 'return !isset($_GET["r"]) || $_GET["r"] != "site/contact";'),
),
...
~~~


The enable parameter is used to enable or disable the execution of
PHPIDS.
This parameter can directly receive a boolean value: true for the IDS
to run the check, or false not to run it. It can also receive a valid
callback that should return a boolean value. With this configuration
the IDS can be activated only in the requests you want, based on the
rules of the valid callback passed as parameter. See the
call_user_func function to learn more about valid callbacks.
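
One way to move the inline `create_function` callbacks of sections 2 and 3 into a named class, as an added example that is not code from the extension or its author. The class name `IdsPolicy`, its file location and the log category are assumptions, and both methods take no arguments because the how-to's own callbacks receive none.

```php
<?php
/**
 * Added example (hypothetical class, not part of the extension).
 * Assumed location: protected/components/IdsPolicy.php, autoloaded through
 * the usual 'application.components.*' import. Wire it up in main.php with:
 *   'enable'   => array('IdsPolicy', 'isEnabled'),
 *   'callback' => array('IdsPolicy', 'onAttack'),
 */
class IdsPolicy
{
    /** Routes on which the IDS check is skipped (sample value from the how-to). */
    private static $skipRoutes = array('site/contact');

    /** 'enable' callback: true means PHPIDS inspects this request. */
    public static function isEnabled()
    {
        try {
            // Let the URL manager resolve the route; $_GET['r'] only carries
            // it when Yii runs in its default 'get' URL format.
            $route = Yii::app()->getUrlManager()->parseUrl(Yii::app()->getRequest());
        } catch (CHttpException $e) {
            return true; // route cannot be resolved: keep the check on
        }
        // Exact match only, so anything unexpected is still inspected.
        return !in_array(trim($route, '/'), self::$skipRoutes, true);
    }

    /** 'callback': replaces the default exception, so it must end the request. */
    public static function onAttack()
    {
        $request = Yii::app()->getRequest();
        Yii::log(
            sprintf('IDS reaction: ip=%s uri=%s',
                $request->getUserHostAddress(), $request->getRequestUri()),
            CLogger::LEVEL_WARNING,
            'application.ids.reaction' // hypothetical category name
        );
        if (!Yii::app()->user->getIsGuest()) {
            Yii::app()->user->logout(); // also destroys the session by default
        }
        header('HTTP/1.1 400 Bad Request');
        echo 'Unexpected error!'; // same generic text as genericMessage
        Yii::app()->end();        // flushes the log routes and stops here
    }
}
```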


**4) Next version 0.3**
-------------------------- 

- For the next release: more configuration possibilities for PHPIDS,
such as the internal IDS log, the tmp folder and others.

- A major change in the processing of the callback, which will receive
the impact of the attack as a parameter, so the developer can decide
how to react based on the knowledge level of the attacker.

**5) How to upgrade?** 
----------------------- 

Download the updated default_rules.xml file from
[http://php-ids.org/](http://php-ids.org/ "http://php-ids.org/") and
replace the old version in .../public/components/ids/IDS


Credits and thanks to the PHPIDS team of developers.
----------------------------------------------------------------