
Say I have a simple php file that handles the uploading of data to a webserver using a JSON string.

Let’s say it’s a POST request to /upload.php

The web server does not have users or any kind of login credentials.

In order to prevent any random person from uploading data if they happen to stumble upon this url, would it be bad practice to have a simple pass phrase check hardcoded in the php code?

Imagine including in the JSON string {"passcode":"123abc"}

The server then determines whether or not this pass phrase is present and correct, and if it is not, it simply does nothing.

Pseudo code would be something like:

    <?php
    // Read the JSON body of the POST and look for the hardcoded passcode.
    $json = json_decode(file_get_contents('php://input'), true);

    if (is_array($json) && isset($json['passcode']) && $json['passcode'] === '123abc') {
        // Upload
    } else {
        // Throw404
        http_response_code(404);
        exit;
    }

The passcode will have to be entered in a text box or something of the sort whenever a person wants to upload.

Like entering a password to log into a social network.

If this is bad practice, is there another alternative that doesn't require users and various forms of authentication?

Bigbob556677
    "bad practice" is a very broad term. Your approach does the job well. But it must be combined with HTTPS to be secure – Andrii Maletskyi Jun 02 '18 at 00:26
  • basically, if you don't want to introduce the concept of "users", there will be no alternative - everyone would have to use the one shared password. Just make sure you generate a strong password, and the client code includes it in the payload, not the URL – Andrii Maletskyi Jun 02 '18 at 00:37
  • There are plenty of alternatives. – Progrock Jun 02 '18 at 01:22
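
The following is an added example, not code from the question or from any of the answers: it is the asker's shared-passcode check written the way a practitioner would actually deploy it, keeping the "respond 404 and do nothing" behaviour. Everything named here is an assumption for illustration: the passcode is stored as a `password_hash()` string in the environment variable `UPLOAD_PASSCODE_HASH` rather than as a literal in the file, the body is JSON of the form `{"passcode": "...", "filename": "...", "data": "<base64>"}`, files are written under `UPLOAD_DIR`, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not the original question's code. Assumed names: the secret is a
// password_hash() string in the env var UPLOAD_PASSCODE_HASH; the body is JSON
// {"passcode": "...", "filename": "...", "data": "<base64>"}; files go to UPLOAD_DIR.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads';   // hypothetical; keep it outside the web root
const MAX_BODY_BYTES = 1048576;          // 1 MiB cap on the JSON body

function reject(int $status): void
{
    http_response_code($status);         // 404 keeps the asker's "simply does nothing" behaviour
    exit;
}

// 1. Refuse plaintext HTTP: a passcode sent over HTTP can be read off the wire.
//    (Behind a TLS-terminating proxy, check the proxy's forwarded-proto header instead.)
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    reject(404);
}
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    reject(404);
}

// 2. Read the JSON body with a size cap and validate its shape before using it.
$raw = file_get_contents('php://input', false, null, 0, MAX_BODY_BYTES + 1);
if ($raw === false || strlen($raw) > MAX_BODY_BYTES) {
    reject(404);
}
$json = json_decode($raw, true);
if (!is_array($json)
    || !isset($json['passcode'], $json['filename'], $json['data'])
    || !is_string($json['passcode']) || !is_string($json['filename']) || !is_string($json['data'])) {
    reject(404);
}

// 3. Compare against a hash held outside the code. password_verify() is a
//    constant-time comparison, so response latency does not reveal how many
//    leading characters of a guess were right, and a leaked copy of upload.php
//    does not hand out the passcode itself.
$hash = getenv('UPLOAD_PASSCODE_HASH');
if ($hash === false || !password_verify($json['passcode'], $hash)) {
    usleep(250000);                      // blunt but effective brake on online guessing
    reject(404);
}

// 4. Never trust the client-chosen file name: take the basename only and restrict
//    it to a conservative character set (this also rules out "..", dotfiles and
//    path separators).
$name = basename($json['filename']);
if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/', $name)) {
    reject(400);
}
$bytes = base64_decode($json['data'], true);   // strict mode rejects malformed input
if ($bytes === false) {
    reject(400);
}

// 5. Write to a temp file and rename into place so a half-written file is never
//    visible; keep the result non-executable.
$tmp = tempnam(UPLOAD_DIR, 'up_');
if ($tmp === false || file_put_contents($tmp, $bytes) === false) {
    reject(500);
}
chmod($tmp, 0640);
rename($tmp, UPLOAD_DIR . '/' . $name);

http_response_code(201);
header('Content-Type: application/json');
echo json_encode(['stored' => $name]);
```

To create the value for `UPLOAD_PASSCODE_HASH`, run `php -r 'echo password_hash("a long random passcode", PASSWORD_DEFAULT), PHP_EOL;'` once and put the output in the web server's environment. What this cannot fix is inherent to a single shared secret: there is no way to tell which person uploaded a given file, and revoking one person's access means rotating the passcode for everyone.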

2 Answers


For something as sensitive as uploading data to your server, my gut feeling is that this is not OK, even if this is meant to be used by 2-3 people in a small company: it's a "keys to the kingdom" type of thing if only ONE of your people makes a mistake.

You should expand the security behind your script with more forms of protection:

  • IP restriction
  • password hashing or encrypting/decrypting (never send plain text passwords)
  • giving each user their own USERNAME and PASSWORD

It's not too much extra work and you can find many resources online.

Your original solution would be ok maybe if it was a READ ONLY type page you were protecting, maybe a list of sales or something, but uploading directly to your server is very dangerous and should be protected as much as possible.

Dan
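
The following is an added example, not Dan's code or the asker's: it puts the three controls Dan lists (IP restriction, hashed passwords, a username and password per user) in front of the upload handler. The names are assumptions for illustration: credentials arrive as HTTP Basic auth over TLS, the user store is a hypothetical `users.json` mapping usernames to `password_hash()` strings, the allowed networks are hard-coded from the RFC 5737 documentation ranges, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not Dan's or the asker's code. Assumed: HTTP Basic auth over TLS,
// a hypothetical users.json of {"alice": "<password_hash output>", ...}, and an
// IPv4 allowlist hard-coded below for illustration.
declare(strict_types=1);

const USERS_FILE = '/etc/upload-api/users.json';            // hypothetical path
const ALLOWED_NETS = ['203.0.113.0/24', '198.51.100.7/32'];  // RFC 5737 doc ranges

/** True when IPv4 $ip lies inside $cidr, e.g. "203.0.113.0/24" (a bare address means /32). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr) + [1 => '32'];
    $bits = (int) $bits;
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    $mask = $bits === 0 ? 0 : ((-1 << (32 - $bits)) & 0xFFFFFFFF);
    return ($ipLong & $mask) === ($netLong & $mask);
}

function ipAllowed(string $ip, array $nets): bool
{
    foreach ($nets as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

/**
 * Check a username/password pair against stored password_hash() strings.
 * Unknown users are verified against a dummy hash so the response time does
 * not reveal which usernames exist.
 */
function authenticate(string $user, string $pass, array $users): bool
{
    static $dummy = null;
    $dummy ??= password_hash('dummy-to-equalise-timing', PASSWORD_DEFAULT);
    $hash = $users[$user] ?? $dummy;
    $ok = password_verify($pass, $hash);
    return $ok && isset($users[$user]);
}

function deny(int $status, string $header = ''): void
{
    http_response_code($status);
    if ($header !== '') {
        header($header);
    }
    exit;
}

// --- request handling ---------------------------------------------------------
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    deny(403);   // Basic auth is base64, not encryption: TLS is mandatory
}
// REMOTE_ADDR is set by the web server itself. Do not trust X-Forwarded-For
// unless a reverse proxy you control is the only thing that can reach PHP.
if (!ipAllowed($_SERVER['REMOTE_ADDR'] ?? '', ALLOWED_NETS)) {
    deny(403);
}
$users = json_decode((string) file_get_contents(USERS_FILE), true) ?: [];
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
$pass = $_SERVER['PHP_AUTH_PW'] ?? '';
if (!authenticate($user, $pass, $users)) {
    deny(401, 'WWW-Authenticate: Basic realm="upload"');
}
// Authenticated, from an allowed network: handle the upload here and log $user with it.
```

Each entry in `users.json` is produced with `php -r 'echo password_hash("that users password", PASSWORD_DEFAULT), PHP_EOL;'`, so the file never holds a plaintext password and a single compromised account can be removed without touching the others. The allowlist only helps against outsiders; it does nothing about a legitimate user's machine being compromised, which is why the per-user credentials and the logging still matter.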

Of course it is bad practice. There is no point in adding a "secret string" since you have to pass it when you want to upload a picture for real, so it's actually not "secret". Best practice is using web tokens. JWT would be enough.

There is a nice tutorial here.

Edit: If you really don't want to mess with authentication there is still a better option than your "secret string". Here is a great answer.

  • The pass phrase wouldn't be stored in the HTML/JavaScript anywhere. It would simply require a user to type it in from memory and then send it over HTTPS to the server, which will then determine if the user typed the correct one. Only admins of the server would know what the code was, so if they forget they could just look at the PHP file. – Bigbob556677 Jun 02 '18 at 00:30
  • your great answer is answering completely different question – Andrii Maletskyi Jun 02 '18 at 00:30
  • @Philip556677 I can see that being useful if it's a school project and not a project for the masses, since only people who know the "secret string" can upload things to the server. – someRandomSerbianGuy Jun 02 '18 at 00:37
  • @AndriyMaletsky It's not. By allowing POST requests from a specific page/form, people cannot just "randomly stumble" on the page and POST something to it, since they are not doing it from the correct form. – someRandomSerbianGuy Jun 02 '18 at 00:39
  • @someRandomSerbianGuy For example: the form will have two fields: "data" and "key". If key is correct, data is saved. Then this form can be used only by those, who obtained the key from the author. – Andrii Maletskyi Jun 02 '18 at 00:45
  • @AndriyMaletsky Yet again, he asked if it's good practice and I said it's not. And in "my great answer" I provided a solution that is more safe, since only a form that was generated by his server could POST to it. – someRandomSerbianGuy Jun 02 '18 at 01:00
  • The "more safe" argument doesn't make sense, because it doesn't solve the author's task, but solves a different one. Consider the answer given by @Dan as an example of a good answer. – Andrii Maletskyi Jun 02 '18 at 01:07
  • @AndriyMaletsky He literally answered in the same way. 3) is my token answer; 2) and 1) are done using "my great answer". I really don't see the problem here – someRandomSerbianGuy Jun 02 '18 at 01:09
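
The following is an added example, not the answerer's code and not taken from the tutorial the answer links to: it shows the bearer-token flow the answer proposes, with a minimal HS256 JWT built from PHP's own `hash_hmac()` and no library. The names are assumptions for illustration: the signing key comes from the environment variable `JWT_SECRET` (at least 32 random bytes), some prior login step (a per-user password check such as the one in the previous example) calls `issueToken()`, the web server passes the `Authorization` header through to PHP as `HTTP_AUTHORIZATION`, and PHP 7.4 or later is assumed.

```php
<?php
// Added example, not the answerer's code. Assumed: the key is in the env var
// JWT_SECRET, a separate login step calls issueToken() after checking the user's
// password, and upload.php receives "Authorization: Bearer <token>" over HTTPS.
declare(strict_types=1);

function b64url(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64urlDecode(string $s): ?string
{
    $padded = strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4);
    $decoded = base64_decode($padded, true);
    return $decoded === false ? null : $decoded;
}

/** Issue a short-lived HS256 token naming the user who passed the login step. */
function issueToken(string $user, string $key, int $ttlSeconds = 900, ?int $now = null): string
{
    $now ??= time();
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url(json_encode([
        'sub'   => $user,
        'iat'   => $now,
        'exp'   => $now + $ttlSeconds,   // short lifetime limits the damage of a stolen token
        'scope' => 'upload',
    ]));
    $sig = b64url(hash_hmac('sha256', "$header.$payload", $key, true));
    return "$header.$payload.$sig";
}

/**
 * Return the verified claims, or null. The algorithm is pinned to HS256 before any
 * signature work, so a token claiming "alg":"none" (or an asymmetric alg) is
 * rejected instead of being trusted on the attacker's terms.
 */
function verifyToken(string $jwt, string $key, ?int $now = null): ?array
{
    $now ??= time();
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64urlDecode($h), true);
    if (!is_array($header) || ($header['alg'] ?? '') !== 'HS256') {
        return null;
    }
    $expected = b64url(hash_hmac('sha256', "$h.$p", $key, true));
    if (!hash_equals($expected, $s)) {        // constant-time comparison of signatures
        return null;
    }
    $claims = json_decode((string) b64urlDecode($p), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null;                          // missing or expired
    }
    if (($claims['scope'] ?? '') !== 'upload') {
        return null;                          // a token for some other endpoint
    }
    return $claims;
}

// upload.php: require a valid bearer token.
$key = getenv('JWT_SECRET');
if ($key === false || strlen($key) < 32) {
    http_response_code(500);                  // refuse to run with a weak or missing key
    exit;
}
$auth = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
$claims = preg_match('/^Bearer\s+(\S+)$/', $auth, $m) ? verifyToken($m[1], $key) : null;
if ($claims === null) {
    http_response_code(401);
    exit;
}
// $claims['sub'] identifies who is uploading; proceed with the upload and log it.
```

The token does not remove the need for a login: something still has to decide who gets one, which is exactly the per-user credential step the other answer recommends. What it buys is that the long-term password is sent once, to the login endpoint, while the upload endpoint only ever sees a short-lived, scoped, signed token.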