Professional Web Applications Themes

register_globals=on question - PHP Development

I know that having register_globals=ON is a security risk and we have it OFF. We want to use the GeekLog content manager and it only works with ON. Can someone give us some coding tips on how to mitigate any possible security problems if we turn it on? I know it has to do with a querystring that is same as a variable name being sent in the URL. How can we prevent that and still leave globals ON? Anyone have some simple magic? Thanks, Al...

  1. #1

    Default register_globals=on question

    I know that having register_globals=ON is a security risk and we have it OFF.

    We want to use the GeekLog content manager and it only works with ON.

    Can someone give us some coding tips on how to mitigate any possible security
    problems if we turn it on? I know it has to do with a querystring that is
    same as a variable name being sent in the URL. How can we prevent that and
    still leave globals ON? Anyone have some simple magic?

    Thanks,

    Al

    Adams-Blake Co. Guest

  2. #2

    Default Re: register_globals=on question

    With total disregard for any kind of safety measures "Adams-Blake
    Co." <atakeoutcantonadams.takeme.out.-blake.com> leapt forth and
    uttered:
    > I know that having register_globals=ON is a security risk and we
    > have it OFF.
    >
    > We want to use the GeekLog content manager and it only works
    > with ON.
    >
    > Can someone give us some coding tips on how to mitigate any
    > possible security problems if we turn it on? I know it has to do
    > with a querystring that is same as a variable name being sent in
    > the URL. How can we prevent that and still leave globals ON?
    > Anyone have some simple magic?
    >
    > Thanks,
    >
    > Al
    >
    >
    rm ./geeklog -r

    Thats the only sure way.

    What is geeklog anyway? Have you looked into something else like
    Plog? ([url]http://plog.sourceforge.net[/url])

    --
    There is no signature.....
    Phil Roberts Guest

  3. #3

    Default Re: register_globals=on question

    What php version are you using?

    If your php version is >= 4.1.0
    Then add:

    import_request_variables('GPC');

    in the header of the file.
    This will imports GET/POST/COOKIE in the global scope.

    If you want to import other variables like SERVER
    use the function extract().

    DO NOT touch your php.ini file!


    HTH




    "Adams-Blake Co." <atakeoutcantonadams.takeme.out.-blake.com> wrote in
    message news:IDS7b.7577$Yt.7399newsread4.news.pas.earthli nk.net...
    > I know that having register_globals=ON is a security risk and we have it
    OFF.
    >
    > We want to use the GeekLog content manager and it only works with ON.
    >
    > Can someone give us some coding tips on how to mitigate any possible
    security
    > problems if we turn it on? I know it has to do with a querystring that is
    > same as a variable name being sent in the URL. How can we prevent that and
    > still leave globals ON? Anyone have some simple magic?
    >
    > Thanks,
    >
    > Al
    >

    sam Guest

  4. #4

    Default Re: register_globals=on question

    "sam" <rbaba99caramail.com> schrieb:
    > If your php version is >= 4.1.0
    > Then add:
    >
    > import_request_variables('GPC');
    >
    > in the header of the file.
    > This will imports GET/POST/COOKIE in the global scope.
    This is nearly the same as to use register_globals = on.

    Regards,
    Matthias
    Matthias Esken Guest

Similar Threads

  1. [PHP] register_globals
    By John W. Holmes in forum PHP Development
    Replies: 4
    Last Post: October 27th, 05:22 PM
  2. register_globals
    By Deependra B. Tandukar in forum PHP Development
    Replies: 8
    Last Post: October 27th, 03:46 PM
  3. Sessions with register_globals=off
    By Martin Ziebart in forum PHP Development
    Replies: 1
    Last Post: August 27th, 09:24 PM
  4. How unsafe is register_globals?
    By Paul Chvostek in forum PHP Development
    Replies: 1
    Last Post: July 17th, 06:33 AM
  5. register_globals ON ? / OFF ?
    By Frank in forum PHP Development
    Replies: 4
    Last Post: July 16th, 07:43 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139