Posted by Jerry Stuckle on 09/10/05 04:43

peter wrote:
> Thanks Andy! I guess what got me looking into this in the first place
> was we received some of those strange emails where
> randomletters@oursite.com are entered for all inputs and a CC is sent
> to a different email address. A friend told me we may be vulnerable if
> register_globals are on, which they are. Have you ever heard of such
> emails? If so, will turning off register_globals protect us, or must
> something more be done?
>
> Thanks again,
>
> Peter
>

Peter,

Turning off register_globals may or may not help. It all depends on how
the script was coded. Of course, if it were a secure script, the CC:
wouldn't be allowed, whether register_globals was on or off.

My suspicion is that the script itself is insecure, and turning
register_globals off won't help in this case. In any event, you really
should turn it off. The chances are pretty high if there is one problem
there could be others.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: pass upload page variables
• Prev in forum: buffered data error with SOAP requests
• Thread view: Re: Register_Globals?

[Reply to this message]