Sensitive information sent insecurely - PHP

Sensitive information sent insecurely - PHP

Need

Secure transmission of sensitive information

Context

  • Usage of PHP 7.0+ for developing web applications
  • Usage of Request for making HTTP requests in Node.js
  • Usage of Auth for user authentication and authorization
  • Usage of a client library for making HTTP requests or interacting with a server
  • Usage of response for handling server responses in Node.js
  • Usage of JSON for data interchange and storage

Description

Non compliant code

        public function sendSensitiveInfo(Request $request)
{
    $user = Auth::user();
    $sensitiveInfo = $user->getSensitiveInfo();

    $client = new Client();
    $res = $client->request('GET', 'http://example.com/api/send_info', [
        'query' => ['info' => $sensitiveInfo]
    ]);

    return response()->json(['message' => 'Information sent']);
}
        
        

The current code snippet is an example of a function within a Laravel controller that sends sensitive user information to an external API. This function retrieves the authenticated user's sensitive information through the getSensitiveInfo() method and sends it as a parameter of a GET request.

The vulnerability lies in the fact that the information is being sent over an unsecured HTTP connection. This means that the data could be intercepted during transmission and read by unauthorized parties.

Additionally, the sensitive information is being sent as a query parameter in the URL. URLs are often logged in various places such as browser history, proxy servers, and web server logs. This exposes the sensitive information to potential leakage.

Furthermore, the GET method is being used to send the information. In HTTP, GET is a method meant to retrieve data, not send it. It's not designed to carry sensitive information.

The use of the GET method and the unsecured HTTP connection together create a situation where the sensitive data is not only exposed to potential interception and unauthorized access, but it's also being handled in a way that's not best practice.

Steps

  • Replace the HTTP protocol with HTTPS to ensure the data is encrypted during transmission.
  • Use POST method instead of GET for sending sensitive information. GET parameters are visible in URL and can be stored in logs, while POST data is sent in the body of the request and is more secure.
  • Consider using a secure method to send sensitive data, such as encrypting the data before sending it.
  • Avoid sending sensitive data as a query parameter. Instead, send it in the body of the request.
  • Validate and sanitize the sensitive data before sending it to prevent any form of injection attacks.

Compliant code

        public function sendSensitiveInfo(Request $request)
{
    $user = Auth::user();
    $sensitiveInfo = $user->getSensitiveInfo();

    // Encrypt the sensitive information before sending
    $encryptedInfo = encrypt($sensitiveInfo);

    $client = new Client(['base_uri' => 'https://example.com']);
    $res = $client->request('POST', '/api/send_info', [
        'form_params' => ['info' => $encryptedInfo]
    ]);

    return response()->json(['message' => 'Information sent']);
}
        
        

The updated code now uses the HTTPS protocol instead of HTTP when sending the request. This ensures that the data is encrypted during transmission, providing a layer of security against potential eavesdroppers.

The request method has been changed from GET to POST. This is because GET parameters are visible in the URL and can be stored in logs, making them less secure for transmitting sensitive information. POST data, on the other hand, is sent in the body of the request and is not exposed in the URL or stored in browser history.

The sensitive information is encrypted before being sent. Laravel's encrypt function is used for this purpose. This function uses OpenSSL to provide AES-256 and AES-128 encryption. The encrypted data is then sent in the body of the request.

The sensitive data is no longer sent as a query parameter. Instead, it is sent in the body of the request. This is more secure as it hides the data from being exposed in the URL or logs.

Please note that this code assumes that the server at 'https://example.com' is set up to handle HTTPS requests, and that it can decrypt the data using Laravel's decrypt function.

References