Posted by Jerry Stuckle on 01/27/07 03:32

Dave wrote:
>
> On Jan 25, 5:54 pm, gordonb.zi...@burditt.org (Gordon Burditt) wrote:
>>> In PHP 4.4, what is the most secure server configuration while keeping
>>> REGISTER_GLOBALS on?Completely disconnected from the network?
>> Powered off?
>
> lol
>
> Ok, what's the least vulnerable usable configuration with
> REGISTER_GLOBALS on?
>

There is none.

> A more specific question is with the server at it's least vulnerable
> configuration, is it possible to gain read/write access to the server
> file system through poorly coded PHP using REGISTER_GLOBALS?
>

It's possible to do anything with poorly written PHP code.

If your hosting company is running with it on, it's time to find another
hosting company.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Re: How to build a site with access privieges?
• Prev in forum: Re: Database structure decision
• Thread view: Re: security precautions on REGISTER_GLOBALS

[Reply to this message]