Intrusion prevention will be built into Septuro core
Last night, I was up quite late due to the joys of 5 Hour Energy Drink (which is a rant for another time – I was tired as hell, but couldn’t sleep..) and I got to thinking about XSS – cross site scripting, which is a pretty nasty form of hacking. It relies on the fact that most people use cookies to remain logged into certain sites, and AJAX scripts to make requests in the background. For instance, if I set up an AJAX call here at septuro.com that pulled some page like ‘http://facebook.com/delete_account.php?confirm=yes’ and that URL would delete the account of the logged in user, and assume you had already confirmed, then anyone who came to septuro.com would have their facebook account deleted. Even though that attack was carried out by septuro.com, it was technically your browser (and your cookies) that made the request to facebook.com.
Of coure, that example is a pretty straightforward (and totally made up) example of XSS, but the concept is there. While thinking about this, I realized that the way Septuro loads all of its post data, we could set a filtration on XSS (and SQL injection!) right at the core of the system. When Septuro begins to do its thing, it loads all post, get, cookie and session data into a parameters list, which any module can access through a static method in the controller. If the module could always be assured that this data was sanitized at the core, then every module and plugin maker can feel safe implicitly trusting data provided by the controller.
All it would take is some sanitizing functions in the core that filter out XSS and SQL injection attempts at the root level. Combine this with some hooks for plugins to latch onto – for instance an ‘intrusion_detection’ hook, and a plugin can be fairly easily whipped up that uses the ‘intrusion_detection’ hook and the ‘page_request’ hook to add hackers to a black list… although getting the hooks written in is a totally separate matter that still needs some work.
This is like how Linux prevents administrative action at the core and requires a sudo user password. Any program that needs administrative rights can feel safe that the core system made sure that the action has been cleared and is safe. That system kept Linux very secure, and preventing any attack based on get, post, cookie or session right at the core will make Septuro equally secure.
