

php security problem





charliehk
Would there be any security problem if global_register is set to ON instead of OFF?

What is the worst scenario?

If there is really a problem, how can I fix it, given the constraint that Global_register must be set to ON?
Rhysige
Make a .htaccess file in your main directory and put
Code:
php_flag register_globals 0

into it.

And if you've got a member login system (like I do), it's almost certainly insecure with it on. The moment I turned it off it got so much more secure (near impenetrable... no one's got in yet).
charliehk
Thanks for helping. Let's say setting Global_register = ON is a constraint for me; I would like to know what outsiders could do (what their tricks are) and the damage that may be caused by the loopholes (if any).


Of course, if there are loopholes, it is desirable for me to understand how to deal with them (without setting off Global_register). For example, where I should keep an eye on ...



Grimboy
User: http://yoursite.com/yourpage.php?member=true

Script

if(blah-blah-blah){
$member=true;
}

if($member){
echo "you are a member";
}

---

That sort of thing. Personally I would say it's not worth it. It makes it easier to forget to verify them as well.
charliehk
Thanks a lot for your code!!

Do you mean that if every variable used in the PHP code is initialized properly, then the code is as safe as the case where "Global_register = OFF"?

Code:
$member = false;

if (blah-blah-blah){
....


Grimboy wrote:
User: http://yoursite.com/yourpage.php?member=true

Script

if(blah-blah-blah){
$member=true;
}

if($member){
echo "you are a member";
}

---

That sort of thing. Personally I would say it's not worth it. It makes it easier to forget to verify them as well.
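
The pattern discussed in this thread, as an added example that is not code from any of the posters: register_globals was removed in PHP 5.4, so this sketch emulates it with extract() on a constructed query string. The function names and the credential check are hypothetical.

```php
<?php
// Added illustration. register_globals is emulated with extract(), because
// the directive itself no longer exists in current PHP (removed in 5.4).

// Constructed request: the query string from the post above.
parse_str('member=true', $request);

// Hypothetical stand-in for the real credential check ("blah-blah-blah").
function credentials_ok(array $request): bool
{
    return isset($request['password'])
        && hash_equals('constructed-secret', (string) $request['password']);
}

// Mirrors the script in the thread: $member is only assigned on success.
function page_uninitialized(array $request): string
{
    // What register_globals=On did implicitly before the script ran.
    extract($request, EXTR_SKIP);
    if (credentials_ok($request)) {
        $member = true;
    }
    // $member may already exist here, with a value taken from the URL.
    return !empty($member) ? 'you are a member' : 'not a member';
}

// Same logic, but the script sets the flag itself before any check.
function page_initialized(array $request): string
{
    extract($request, EXTR_SKIP);
    $member = false;                // overwrites anything injected
    if (credentials_ok($request)) {
        $member = true;
    }
    return $member ? 'you are a member' : 'not a member';
}

// The request carries no password, only member=true.
echo page_uninitialized($request), "\n";
echo page_initialized($request), "\n";
```

Only variables the script assigns before use are protected this way; any variable it reads without assigning still takes its value from the request.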