register_globals=on question

I know that having register_globals=ON is a security risk and we have it OFF.

We want to use the GeekLog content manager and it only works with ON.

Can someone give us some coding tips on how to mitigate any possible security
problems if we turn it on? I know it has to do with a querystring that is
same as a variable name being sent in the URL. How can we prevent that and
still leave globals ON? Anyone have some simple magic?

Thanks,

Al

Jul 16 '05 #1
With total disregard for any kind of safety measures "Adams-Blake
Co." <at************ @adams.takeme.o ut.-blake.com> leapt forth and
uttered:
I know that having register_globals=ON is a security risk and we
have it OFF.

We want to use the GeekLog content manager and it only works
with ON.

Can someone give us some coding tips on how to mitigate any
possible security problems if we turn it on? I know it has to do
with a querystring that is same as a variable name being sent in
the URL. How can we prevent that and still leave globals ON?
Anyone have some simple magic?

Thanks,

Al


rm ./geeklog -r

That's the only sure way.

What is geeklog anyway? Have you looked into something else like
Plog? (http://plog.sourceforge.net)

--
There is no signature.....
Jul 16 '05 #2
sam
What php version are you using?

If your php version is >= 4.1.0
Then add:

import_request_variables('GPC');

in the header of the file.
This will import GET/POST/COOKIE in the global scope.

If you want to import other variables like SERVER
use the function extract().

DO NOT touch your php.ini file!
HTH


"Adams-Blake Co." <at************ @adams.takeme.o ut.-blake.com> wrote in
message news:ID******** ********@newsre ad4.news.pas.ea rthlink.net...
I know that having register_globals=ON is a security risk and we have it OFF.
We want to use the GeekLog content manager and it only works with ON.

Can someone give us some coding tips on how to mitigate any possible security problems if we turn it on? I know it has to do with a querystring that is
same as a variable name being sent in the URL. How can we prevent that and
still leave globals ON? Anyone have some simple magic?

Thanks,

Al

Jul 16 '05 #3
"sam" <rb*****@carama il.com> wrote:
If your php version is >= 4.1.0
Then add:

import_request_variables('GPC');

in the header of the file.
This will import GET/POST/COOKIE in the global scope.


This is nearly the same as using register_globals = on.

Regards,
Matthias
Jul 16 '05 #4
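
The behaviour discussed in this thread, as an added example that is not part of the original posts: a request key with the same name as an uninitialised script variable ends up in that variable, whether it arrives through register_globals, an unprefixed import_request_variables('GPC') or extract(). Both of the former were removed in PHP 5.4.0, so the sketch uses extract() on a constructed request array to stand in for them; the function names and the `req` prefix are hypothetical.

```php
<?php
// Constructed request data, standing in for ?authorized=1&name=al in the URL.
$request = ['authorized' => '1', 'name' => 'al'];

// Pattern that register_globals=On makes dangerous: $authorized is only
// assigned on the success path, so a request key of the same name survives.
function check_vulnerable(array $request, bool $passwordOk): bool
{
    extract($request);              // every request key becomes a local variable
    if ($passwordOk) {
        $authorized = true;
    }
    return !empty($authorized);     // still holds the request value on failure
}

// Mitigation 1: initialise every variable before use, so whatever was
// injected from the request is overwritten.
function check_initialised(array $request, bool $passwordOk): bool
{
    extract($request);
    $authorized = false;
    if ($passwordOk) {
        $authorized = true;
    }
    return $authorized;
}

// Mitigation 2: import request data under a prefix, so it cannot share a
// name with the script's own variables ($req_authorized, $req_name).
function check_prefixed(array $request, bool $passwordOk): bool
{
    extract($request, EXTR_PREFIX_ALL, 'req');
    if ($passwordOk) {
        $authorized = true;
    }
    return !empty($authorized);     // request data cannot reach this name
}

// Failed password check, request carrying authorized=1:
var_dump(check_vulnerable($request, false));
var_dump(check_initialised($request, false));
var_dump(check_prefixed($request, false));
```

On PHP versions that still have import_request_variables(), its optional second argument is a prefix that works the same way as the one passed to extract() here.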
