Hacker News new | ask | show | jobs
by Dinius 3524 days ago
Something like this: (PHP felt like the right approach here :p)

        if ($selectedOption == SECURITY_QUESTION)
  	{
  		if (isset($_POST["SecurityQuestion0"]) && isset(["SecurityQuestion1"]))
  		{
    			if ($_POST["SecurityQuestion0"] != $answer0 || $_POST["SecurityQuestion1"] != $answer1)
  			{
  				// invalid answers
  				return;
  			}
  		}

  		authenticateUser();
  	}
2 comments
dkopi 3524 days ago
More likely along the lines of

  if ((isset($_POST["SecurityQuestion0"]) && $_POST["SecurityQuestion0"] != $answer0) || 
  (isset($_POST["SecurityQuestion1"]) && $_POST["SecurityQuestion1"] != $answer1)
link
Chyzwar 3523 days ago
You should use !==.

isset is do not handle all corner cases, it would return true for empty strings or false for NULL. You should use framework like Laravel: Input::has('key')

By design type of security challenge should not be an option. API endpoint should not check for $selectedOption == SECURITY_QUESTION. In this case you still vulnerable for the same attack.

You always should return something. having just return; is bad.

Finally you should use something safer than PHP since mistake can cost you money.

link