Difference between #2 and #1 of More security in your applications with Yii and PHPIDS

changed
Title
More security in your applications with Yii and PHPIDS [automatic
translation]
unchanged
Category
How-tos
unchanged
Tags
phpids, security
changed
Content
PHPIDS is a well-known project that can be found at
[php-ids.org](http://php-ids.org "php-ids.org").

PHPIDS is an intrusion detection system. Based on its IDS rules, it
recognizes attacks by filtering the information sent to the system and
returns a rating and a report of what is considered a potential attack.
From this information the system can react to the attack: send e-mail
alerts, generate detailed logs, block the user, generate a black list, etc.

The PHPIDS project was encapsulated as a Yii application component and can
be downloaded at
[http://www.yiiframework.com/extension/phpids/](http://www.yiiframework.com/extension/phpids/ "http://www.yiiframework.com/extension/phpids/")
along with its instructions, installation and use.

This how-to shows its installation and, in more detail, some uses.

This component was tested on versions 1.1.5 and 1.1.4 with PHP 5.2. The
current version of the component is 0.2 at the time of writing this how-to.

**1) Installation**
----------------- 

Download the latest version of the PHPIDS component at
[http://www.yiiframework.com/extension/phpids/](http://www.yiiframework.com/extension/phpids/ "http://www.yiiframework.com/extension/phpids/")

Unzip the file into .../webapp/protected/components/ids

Create the directory .../components/ids/IDS/tmp and make it writable

Update your main.php in .../protected/config:
~~~
[php]
...
// 'preload' => array('log'),
'preload' => array('log', 'ids'),
...
'components' => array(
    ...
    'ids' => array(
        'class' => 'application.components.ids.CPhpIds',
    ),
),
~~~

Add the 'ids' component to the preload index of your application config.
In components, add the 'ids' component entry and its settings. The file
above is the minimum for the operation of 'ids'.

All application forms will be filtered by PHPIDS: the variables $_REQUEST,
$_GET, $_POST and $_COOKIE are checked against the attack types in the IDS
detection rules. If a potential attack is detected, the application is
stopped before processing the request, an exception is thrown with a
generic error message with no details for the attacker, and a detailed log
is generated.

This log is generated by Yii's Log application component, so an
attack can be sent by e-mail (EmailLog), or stored in a database,
file or simply displayed in the browser with the WebLog.


We can go further in the configuration. A simple detail is the message
that is sent to the attacker:
~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    // Message sent to the attacker
    'genericMessage' => 'Unexpected error!',
),
...
~~~

The goal is that this message gives no details about the attack and does
not inform the attacker that the attack was detected, because the handling
is done internally by the application: sending e-mails or alerts, or
simply blocking the user.

This message does not enter the log; the details of the attack are
generated and sent to the logging component.

**2) Reacting to the attack:** 
---------------------- 

~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    // Message sent to the attacker
    'genericMessage' => 'Unexpected error!',
    // create_function() fits the PHP 5.2 target of this how-to;
    // it was removed in PHP 8.0
    'callback' => create_function('', "echo 'Error!';
        Yii::app()->end(); return false;"),
),
...
~~~

The callback parameter receives a valid callback; see the
call_user_func function in the PHP Manual. It can be a function, or a
class and the method that should be called. In the above example we create
a simple function that prints an error and terminates the application.

Through this configuration, the developer can handle detected attacks in a
better way: sending e-mails and alerts, creating a black list, removing
user access, ending the session, etc. After the processing of the
callback, the component's default exception will **not** trigger, so
ending the request is the responsibility of the developer, using the
function / method passed as callback.

**3) Enabling / Disabling** 
---------------------------- 
~~~
[php]
...
'ids' => array(
    'class' => 'application.components.ids.CPhpIds',
    // Message sent to the attacker
    'genericMessage' => 'Unexpected error!',
    'callback' => create_function('', "echo 'Error!';
        Yii::app()->end(); return false;"),
    // Run the IDS check on every route except site/contact
    'enable' => create_function('', 'return $_GET["r"] != "site/contact";'),
),
...
~~~


The enable parameter is used to enable or disable the execution of
PHPIDS. This parameter can directly receive a boolean value: true for
IDS to run the check, or false not to run it. It can also receive a valid
callback that should return a boolean value. With this configuration, IDS
can be activated in only the requests you want, based on the rules of the
valid callback passed as parameter. See the call_user_func function to
learn more about valid callbacks.
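
The `callback` and `enable` options from sections 2 and 3, wired to class methods instead of `create_function` strings (an added example, not part of the extension or of the original how-to). The class name `IdsReaction`, the log category and the skip list are assumptions, and it assumes Yii's default URL format, where the route arrives in `$_GET['r']`.

```php
<?php
// --- protected/components/IdsReaction.php (hypothetical class, added example) ---
class IdsReaction
{
    // Routes exempt from the IDS check (constructed list). Every entry is a
    // detection gap, so keep it short and match exactly.
    private static $skipRoutes = array('site/contact');

    // 'enable' callback: return true to run PHPIDS on this request.
    // Assumes Yii's default URL format, where the route arrives in $_GET['r'].
    public static function shouldRun()
    {
        // A missing or non-string "r" (e.g. r[]=x) is never exempt.
        if (!isset($_GET['r']) || !is_string($_GET['r'])) {
            return true;
        }
        return !in_array($_GET['r'], self::$skipRoutes, true);
    }

    // 'callback': the component's default exception does not fire once this
    // runs, so the method has to end the request itself.
    public static function onAttack()
    {
        $request = Yii::app()->request;
        Yii::log(
            'PHPIDS callback: ip=' . $request->userHostAddress
                . ' uri=' . $request->requestUri,
            CLogger::LEVEL_WARNING,
            'application.ids' // log category chosen for this example
        );
        Yii::app()->user->logout(); // also destroys the session
        header('HTTP/1.1 500 Internal Server Error');
        echo 'Unexpected error!';   // same generic text, no attack details
        Yii::app()->end();
    }
}

// --- protected/config/main.php, 'components' entry ---
// 'ids' => array(
//     'class'          => 'application.components.ids.CPhpIds',
//     'genericMessage' => 'Unexpected error!',
//     'callback'       => array('IdsReaction', 'onAttack'),
//     'enable'         => array('IdsReaction', 'shouldRun'),
// ),
```

Unlike the inline `$_GET["r"] != ...` comparison, `shouldRun()` raises no notice when `r` is absent and keeps the check enabled for any request it cannot match exactly.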


**4) Next version 0.3**
-------------------------- 

- For the next release, more configuration possibilities for PHPIDS,
such as the IDS internal log, the tmp folder and others.

- The major change is in the processing of the callback, which will
receive as a parameter the assessed impact of the attack, so the developer
can decide how to react based on the knowledge level of the attacker.

**5) How to upgrade?** 
----------------------- 

Download the updated file default_rules.xml from
[http://php-ids.org/](http://php-ids.org/ "http://php-ids.org/") and
replace the old version in .../public/components/ids/IDS


Credits and thanks to the PHPIDS team of developers.
----------------------------------------------------------------