Re: Shocking amount of PHP security holes? [message #171124 is a reply to message #171086]
Sat, 25 December 2010 22:38
Twayne
In news:5vn7h6l9g83o4fqplm3uttg7l1bvt3uhap(at)mfesser(dot)de,
Michael Fesser <netizen(at)gmx(dot)de> typed:
> .oO(Ignoramus30015)
>
>> On 2010-12-23, Álvaro G. Vicario
>> <alvaro(dot)NOSPAMTHANX(at)demogracia(dot)com(dot)invalid> wrote:
>>>
>>> It was a wrong design decision taken by the PHP team many
>>> years ago. In earlier versions PHP would automatically
>>> create variables from several input sources so you could
>>> code <input type="text" name="email"> and automatically
>>> get user data available at $email. After that, the web
>>> evolved, security became a concern and this feature was
>>> (kind of) disabled.
>>
>> Thanks. Is there a way to for sure disable it, across the
>> board, for all PHP programs?
>
> The keyword is 'register_globals'. Make sure that it's
> disabled.
>
> Micha
But beware, that adds very little to security. Read your php.ini for
information about "register_globals".
In fact, spend a little time reading the php.ini file, period.
"Sanitizing data" and "data verification" would likely be two good search
terms for you for PHP. Also "php manual" with or without the quotes.
HTH,
Twayne
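Added example, not part of the original thread and not posted by any participant: the uninitialised-variable pattern that register_globals exposed, beside a version that initialises its flag and reads and validates input by name. The function names and sample requests are hypothetical and constructed; `extract()` is used here to emulate the directive, which was removed in PHP 5.4.

```php
<?php
// Added example; request arrays below are constructed sample input.

// True only if this PHP build still has the directive and it is switched on.
// ini_get() returns false for directives that do not exist (PHP 5.4 and later).
function register_globals_enabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// Legacy pattern. extract() stands in for register_globals: each request
// parameter becomes a local variable before the page logic runs.
function legacy_page(array $request, bool $passwordOk): bool
{
    extract($request, EXTR_SKIP);
    if ($passwordOk) {
        $authorized = true;
    }
    // $authorized is never initialised, so a request parameter with that
    // name decides the result whenever the password check fails.
    return !empty($authorized);
}

// Same page with the flag initialised and input read by name and validated.
// This part is needed whether or not register_globals is off.
function hardened_page(array $request, bool $passwordOk): array
{
    $authorized = $passwordOk;
    $email = filter_var($request['email'] ?? '', FILTER_VALIDATE_EMAIL);
    return ['authorized' => $authorized, 'email' => $email === false ? null : $email];
}

$samples = [
    ['authorized' => '1', 'email' => 'user@example.com'],
    ['email' => 'not-an-address'],
    ['email' => ['nested' => 'array']],
];

echo 'register_globals enabled: ', var_export(register_globals_enabled(), true), "\n";
foreach ($samples as $request) {
    echo json_encode($request), "\n";
    echo '  legacy authorized: ', var_export(legacy_page($request, false), true), "\n";
    echo '  hardened result:   ', json_encode(hardened_page($request, false)), "\n";
}
```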