23.12.2012 Posted July 18, 2011 Share Posted July 18, 2011 I was thinking the other day about website defacement and I was struck by this idea. What if we manually generated the MD5 for the index file and checked it against the MD5 of the file to be loaded by the browser? This way, if someone uploaded a hacked file to the server, we would have a way to prevent it from being displayed to the users. So the code would look like this // ...if(md5_file('index.php') == GEN_MD5) { // GEN_MD5 is the manually generated MD5 require_once 'index.php';} else { require_once 'backup_index.php';}// ... Would it be a good way to protect a website against this type of vulnerability? The only downside I see is that if you forget to generate a new MD5 after altering the index file, the application breaks. Let me know what you think! Thank you in advance! Link to comment Share on other sites More sharing options...
justsomeguy Posted July 18, 2011 Share Posted July 18, 2011 As long as the hash is being included from another file that should be fine. If you define the hash inside the index file that's not going to work.Then again, if someone is uploading hacked files to the server then they probably aren't going to include your code in their uploaded file, will they? If someone is uploading files to your server without authorization then you've already lost. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.