In PHP 4.4, what is the most secure server configuration while keeping
REGISTER_GLOBALS on?
>In PHP 4.4, what is the most secure server configuration while keeping
>REGISTER_GLOBALS on?
Completely disconnected from the network?
Powered off?
On Fri, 26 Jan 2007 01:54:27 +0100, Gordon Burditt
<go***********@burditt.org> wrote:
>>In PHP 4.4, what is the most secure server configuration while keeping REGISTER_GLOBALS on?
>Completely disconnected from the network?
>Powered off?
Damn, I was going to say "disallow the use of all functions", but indeed,
powered off seems safest. Less fire hazard, and no wear and tear on the
hardware as added bonus...
--
Rik Wasmus
On Jan 25, 5:05 pm, Rik <luiheidsgoe...@hotmail.com> wrote:
>On Fri, 26 Jan 2007 01:54:27 +0100, Gordon Burditt
><gordonb.zi...@burditt.org> wrote:
>In PHP 4.4, what is the most secure server configuration while keeping
>REGISTER_GLOBALS on?
>Completely disconnected from the network?
>Powered off?Damn, I was going to say "disallow the use of all functions", but indeed,
>powered off seems safest. Less fire hazard, and no wear and tear on the
>hardware as added bonus...
>--
>Rik Wasmus
And to think I was thinking of the user verification scheme: require
every client to be personally interviewed by you, and then tell them
that there's probably buggy behavior.
Maybe too much work, though.
--
Curtis
On Fri, 26 Jan 2007 13:03:09 +0100, Curtis <dy****@gmail.com> wrote:
>Powered off?Damn, I was going to say "disallow the use of all
>functions", but indeed,
Hmmz, I see this weird behaviour often lately, pushing the line of a reply
back on the last line of a quote. Is this a new Google Groups 'feature',
or has it something to do with my experimenting with other newsclients?
--
Rik Wasmus
On Jan 25, 5:54 pm, gordonb.zi...@burditt.org (Gordon Burditt) wrote:
>In PHP 4.4, what is the most secure server configuration while keeping
>REGISTER_GLOBALS on?Completely disconnected from the network?
>Powered off?
lol
Ok, what's the least vulnerable usable configuration with
REGISTER_GLOBALS on?
A more specific question is with the server at its least vulnerable
configuration, is it possible to gain read/write access to the server
file system through poorly coded PHP using REGISTER_GLOBALS?
Dave wrote:
>On Jan 25, 5:54 pm, gordonb.zi...@burditt.org (Gordon Burditt) wrote:
>>In PHP 4.4, what is the most secure server configuration while keeping REGISTER_GLOBALS on?Completely disconnected from the network?
>>Powered off?
>lol
>Ok, what's the least vulnerable usable configuration with
>REGISTER_GLOBALS on?
There is none.
>A more specific question is with the server at its least vulnerable
>configuration, is it possible to gain read/write access to the server
>file system through poorly coded PHP using REGISTER_GLOBALS?
It's possible to do anything with poorly written PHP code.
If your hosting company is running with it on, it's time to find another
hosting company.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
On Jan 26, 4:11 am, Rik <luiheidsgoe...@hotmail.com> wrote:
>Hmmz, I see this weird behaviour often lately, pushing the line of a reply
>back on the last line of a quote. Is this a new Google Groups 'feature',
>or has it something to do with my experimenting with other newsclients?
>--
>Rik Wasmus
Yeah, this is something that's off with Google Groups. I try to fix it
manually when I catch it. I think I should start using Thunderbird, or
maybe I'll just google around for some good news clients. Are there
any you are particularly fond of?
On Jan 25, 5:54 pm, gordonb.zi...@burditt.org (Gordon Burditt) wrote:
>In PHP 4.4, what is the most secure server configuration while keeping
>REGISTER_GLOBALS on?Completely disconnected from the network?
>Powered off?
>lol Ok, what's the least vulnerable usable configuration with REGISTER_GLOBALS on? A more specific question is with the server at its least vulnerable configuration, is it possible to gain read/write access to the server file system through poorly coded PHP using REGISTER_GLOBALS?
I'd have to agree with Jerry, it's not worth running any application
that needs to be run securely, while register_globals is on. If your
host has PHP installed as an Apache module, you could try altering the
ini register_globals setting from .htaccess.
--
Curtis
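
The .htaccess override mentioned in the post above, together with the coding habit that keeps a script safe whichever way the flag is set, as an added example that is not part of the original thread. `check_login()`, the `user`/`pass` form fields and the credential values are hypothetical.

```php
<?php
// Added example, not code from the thread. Under mod_php the setting can be
// overridden per directory in .htaccess (needs AllowOverride Options or All):
//     php_flag register_globals off
// register_globals is a per-directory setting; ini_set() at runtime is too late.

// Report whether register_globals is active for this request.
function register_globals_enabled()
{
    $v = strtolower((string) ini_get('register_globals'));
    return in_array($v, array('1', 'on', 'true', 'yes'), true);
}

// Hypothetical credential check, constructed for this example only.
function check_login($user, $pass)
{
    return $user === 'demo' && $pass === 'constructed-password';
}

// Fragile form, shown as a comment: $authorized has no initial value, so with
// register_globals on a request parameter of the same name supplies one.
//
//     if (check_login($user, $pass)) { $authorized = true; }
//     if ($authorized) { include 'private.php'; }

// Hardened form: behaves identically with the setting on or off.
$authorized = false;                                  // always initialise
$user = isset($_POST['user']) ? $_POST['user'] : '';  // read input explicitly
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';

if (check_login($user, $pass)) {
    $authorized = true;
}

if (register_globals_enabled()) {
    // Surface the misconfiguration instead of running silently with it.
    error_log('register_globals is on; set "php_flag register_globals off" in .htaccess');
}

echo $authorized ? "authorized\n" : "denied\n";
```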
Curtis <dy****@gmail.com> wrote:
>On Jan 26, 4:11 am, Rik <luiheidsgoe...@hotmail.com> wrote:
>>Hmmz, I see this weird behaviour often lately, pushing the line of a reply back on the last line of a quote. Is this a new Google Groups 'feature', or has it something to do with my experimenting with other newsclients?
>Yeah, this is something that's off with Google Groups. I try to fix it
>manually when I catch it. I think I should start using Thunderbird, or
>maybe I'll just google around for some good news clients. Are there
>any you are particularly fond of?
I've used Outlook Express (with OE-Quotefix) for a very long time, but it
simply will not do. I'm testing other readers right now, currently I'm
using Opera, and I'd say, it was already my favourite browser, now it's my
favourite newsreader too :-).
XNews seems to be very good also, I've yet to test it, there seems to be
some steep learning curve involved.
--
Rik Wasmus
On Jan 26, 2:11 pm, Rik <luiheidsgoe...@hotmail.com> wrote:
>Hmmz, I see this weird behaviour often lately, pushing the line of a reply
>back on the last line of a quote. Is this a new Google Groups 'feature'
Yep, and here are some other Google Groups "features":
http://groups.google.com/group/Is-Something-Broken/msg/a62f60b19d75b8e9
Here's the TinyURL version of the above URL as the above URL probably
gets broken: http://tinyurl.com/3ygr2v