By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,046 Members | 1,200 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,046 IT Pros & Developers. It's quick & easy.

security precautions on REGISTER_GLOBALS

P: n/a
In PHP 4.4, what is the most secure server configuration while keeping
REGISTER_GLOBALS on?

Jan 26 '07 #1
Share this Question
Share on Google+
12 Replies


P: n/a
>In PHP 4.4, what is the most secure server configuration while keeping
>REGISTER_GLOBALS on?
Completely disconnected from the network?
Powered off?
Jan 26 '07 #2

P: n/a
Rik
On Fri, 26 Jan 2007 01:54:27 +0100, Gordon Burditt
<go***********@burditt.orgwrote:
>In PHP 4.4, what is the most secure server configuration while keeping
REGISTER_GLOBALS on?

Completely disconnected from the network?
Powered off?
Damn, I was going to say "disallow the use of all functions", but indeed,
powered off seems safest. Less firehazard, and no wear and tear on the
hardware as added bonus...
--
Rik Wasmus
Jan 26 '07 #3

P: n/a
On Jan 25, 5:05 pm, Rik <luiheidsgoe...@hotmail.comwrote:
On Fri, 26 Jan 2007 01:54:27 +0100, Gordon Burditt

<gordonb.zi...@burditt.orgwrote:
In PHP 4.4, what is the most secure server configuration while keeping
REGISTER_GLOBALS on?
Completely disconnected from the network?
Powered off?Damn, I was going to say "disallow the use of all functions", but indeed,
powered off seems safest. Less firehazard, and no wear and tear on the
hardware as added bonus...
--
Rik Wasmus
And to think I was thinking of the user verification scheme: require
every client to be personally interviewed by you, and then tell them
that there's probably buggy behavior.

Maybe too much work, though.

--
Curtis

Jan 26 '07 #4

P: n/a
Rik
On Fri, 26 Jan 2007 13:03:09 +0100, Curtis <dy****@gmail.comwrote:
Powered off?Damn, I was going to say "disallow the use of all
functions", but indeed,
Hmmz, I see this weird behaviour often lately, pushing the line of a reply
back on the last line of a quote. Is this a new Google Groups 'feature',
or has it something to do with my experimenting with other newsclients?

--
Rik Wasmus
Jan 26 '07 #5

P: n/a


On Jan 25, 5:54 pm, gordonb.zi...@burditt.org (Gordon Burditt) wrote:
In PHP 4.4, what is the most secure server configuration while keeping
REGISTER_GLOBALS on?Completely disconnected from the network?
Powered off?
lol

Ok, what's the least vulnerable usable configuration with
REGISTER_GLOBALS on?

A more specific question is with the server at it's least vulnerable
configuration, is it possible to gain read/write access to the server
file system through poorly coded PHP using REGISTER_GLOBALS?

Jan 27 '07 #6

P: n/a
Dave wrote:
>
On Jan 25, 5:54 pm, gordonb.zi...@burditt.org (Gordon Burditt) wrote:
>>In PHP 4.4, what is the most secure server configuration while keeping
REGISTER_GLOBALS on?Completely disconnected from the network?
Powered off?

lol

Ok, what's the least vulnerable usable configuration with
REGISTER_GLOBALS on?
There is none.
A more specific question is with the server at it's least vulnerable
configuration, is it possible to gain read/write access to the server
file system through poorly coded PHP using REGISTER_GLOBALS?
It's possible to do anything with poorly written PHP code.

If your hosting company is running with it on, it's time to find another
hosting company.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jan 27 '07 #7

P: n/a
On Jan 26, 4:11 am, Rik <luiheidsgoe...@hotmail.comwrote:
Hmmz, I see this weird behaviour often lately, pushing the line of a reply
back on the last line of a quote. Is this a new Google Groups 'feature',
or has it something to do with my experimenting with other newsclients?

--
Rik Wasmus
Yeah, this is something that's off with Google Groups. I try to fix it
manually when I catch it. I think I should start using Thunderbird, or
maybe I'll just google around for some good news clients. Are there
any you are particularly fond of?

On Jan 25, 5:54 pm, gordonb.zi...@burditt.org (Gordon Burditt) wrote:
In PHP 4.4, what is the most secure server configuration while keeping
REGISTER_GLOBALS on?Completely disconnected from the network?
Powered off?
lol
Ok, what's the least vulnerable usable configuration with
REGISTER_GLOBALS on?
A more specific question is with the server at it's least vulnerable
configuration, is it possible to gain read/write access to the server
file system through poorly coded PHP using REGISTER_GLOBALS?
I'd have to agree with Jerry, it's not worth running any application
that needs to be run securely, while register_globals is on. If your
host has PHP installed as an Apache module, you could try altering the
ini register_globals setting from .htaccess.

--
Curtis

Jan 28 '07 #8

P: n/a
Rik
Curtis <dy****@gmail.comwrote:
On Jan 26, 4:11 am, Rik <luiheidsgoe...@hotmail.comwrote:
>Hmmz, I see this weird behaviour often lately, pushing the line of a
reply
back on the last line of a quote. Is this a new Google Groups 'feature',
or has it something to do with my experimenting with other newsclients?

Yeah, this is something that's off with Google Groups. I try to fix it
manually when I catch it. I think I should start using Thunderbird, or
maybe I'll just google around for some good news clients. Are there
any you are particularly fond of?
I've used Outlook Express (with OE-Quotefix) for a very long time, but it
simply will not do. I'm testing other readers right now, currently I'm
using Opera, and I'd say, it was already my favourite browser, now it's my
favourite newsreader too :-).

XNews seems to be very good also, I've yet to test it, there seems to be
some steep learning curve involved.
--
Rik Wasmus
Jan 28 '07 #9

P: n/a
On Jan 26, 2:11 pm, Rik <luiheidsgoe...@hotmail.comwrote:
Hmmz, I see this weird behaviour often lately, pushing the line of a reply
back on the last line of a quote. Is this a new Google Groups 'feature'
Yep, and here are some other Google Groups "features":

http://groups.google.com/group/Is-Something-Broken/msg/
a62f60b19d75b8e9

Here's the TinyURL version of the above URL as the above URL probably
gets broken:

http://tinyurl.com/3ygr2v

Jan 28 '07 #10

P: n/a
On Jan 28, 5:03 am, Rik <luiheidsgoe...@hotmail.comwrote:
Curtis <dye...@gmail.comwrote:
On Jan 26, 4:11 am, Rik <luiheidsgoe...@hotmail.comwrote:
Hmmz, I see this weird behaviour often lately, pushing the line of a
reply
back on the last line of a quote. Is this a new Google Groups 'feature',
or has it something to do with my experimenting with other newsclients?
Yeah, this is something that's off with Google Groups. I try to fix it
manually when I catch it. I think I should start using Thunderbird, or
maybe I'll just google around for some good news clients. Are there
any you are particularly fond of?

I've used Outlook Express (with OE-Quotefix) for a very long time, but it
simply will not do. I'm testing other readers right now, currently I'm
using Opera, and I'd say, it was already my favourite browser, now it's my
favourite newsreader too :-).

XNews seems to be very good also, I've yet to test it, there seems to be
some steep learning curve involved.
--
Rik Wasmus
Thanks for your suggestions. I use Opera for web browsing sometimes,
but I must have forgotten it has newsreader capabilities. Thanks for
that.

Another thing that's irritating about Google Groups is that it
defaults to topposting. I haven't really hunted around for settings,
but it doesn't seem like you can change this.

Thanks for the helpful link, Tomi..

--
Curtis

Jan 30 '07 #11

P: n/a
Curtis wrote:
Another thing that's irritating about Google Groups is that it
defaults to topposting. I haven't really hunted around for settings,
but it doesn't seem like you can change this.
It doesn't really default to anything - except quoting the
original text. It's just that when you start out, your cursor
is at the top of the quoted material.

From there you can either review and edit the quoted material
(which you should do anyway)

If you don't want to review the quoted material, hit Ctl-End to
go directly to the bottom and begin typing.
Jan 30 '07 #12

P: n/a
On Tue, 30 Jan 2007 14:05:14 -0800, Sanders Kaufman <bu***@kaufman.net>
wrote:
Curtis wrote:
>Another thing that's irritating about Google Groups is that it defaults
to topposting. I haven't really hunted around for settings, but it
doesn't seem like you can change this.

It doesn't really default to anything - except quoting the original
text. It's just that when you start out, your cursor is at the top of
the quoted material.

From there you can either review and edit the quoted material (which
you should do anyway)

If you don't want to review the quoted material, hit Ctl-End to go
directly to the bottom and begin typing.
Yeah, I know, it isn't that big of a deal, but I'm not even using google
groups anymore. The previous point made about the latest quoted portion
being pushed onto the same line as its quoted post is actually annoying
though.

--
Curtis, http://dyersweb.com
Feb 1 '07 #13

This discussion thread is closed

Replies have been disabled for this discussion.