Reply to Re: register_globals security risk

Your name:

Reply:


Posted by Chung Leong on 05/19/06 01:11

Ham Pastrami wrote:
> My hosting provider has register_globals on. How big of a security risk is
> this, and is there a workaround for it if I can't convince them to turn it
> off? At the moment I am running phpbb and mantis on my site.

One has to remember that register_globals is not a security risk in on
itself. The developers of PHP weren't that dumb. What they didn't
anticipate is people using include files as functions. Programmers with
a background in other procedure languages like C just don't do that.
Include files are for loading in definitions, not to cause things to
happen.

Take a look at the code and if there are places the script does
something by including a file. If so, you probably have a
vulnerability somewhere.

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация