proudly
Posted March 8, 2015 (edited)

I was reading a book and I saw that paragraph:

"The only trick to these settings (..on php.ini) is that if you choose to use legacy software written in PHP, it may very well require that register_globals and/or register_long_arrays be turned on. In this case, you must decide whether using the software is worth the security risk. You can mitigate this risk by checking frequently for security patches and other updates for such software"

The author doesn't explain what could be the "security risk". Could anyone explain?

Edited March 8, 2015 by proudly

Ingolme
Posted March 8, 2015

I can't imagine any decent software old enough that it would need register_globals to work.

The security risk is that the user can set the value of any variable on your script and make your program behave in an unexpected manner. This may be a problem depending on how the program is built.

proudly
Posted March 9, 2015 (edited)

If register_globals is set to off, can someone use freely the software or not?

Also if register_globals is set to off, the risk is eliminated or not, and then the page is readable and working well?

The previous abstract is from the book "PHP and MySQL Web Development", Fourth Edition by Luke Welling and Laura Thomson, page 380.

Edited March 9, 2015 by proudly

justsomeguy
Posted March 9, 2015

"if register_globals is set to off, can someone use freely the software or not?"

Well, if it requires register_globals to work, and you have that option off, then the software isn't going to work.

"Also if register_globals is set to off, the risk is eliminated or not"

If register_globals is disabled then the problems caused by register_globals being enabled are eliminated.
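
The risk described in the answers above, shown as an added example that is not part of the original thread or of the book: a page that never initialises a variable trusts whatever the request put there when register_globals is on. The function names and sample values are hypothetical, and because register_globals was removed in PHP 5.4 its effect is emulated here with extract().

```php
<?php
// Added illustration; not code from the thread or from the book it quotes.
// register_globals was removed in PHP 5.4, so its effect is emulated with
// extract(): each request parameter becomes a variable of the same name.

const DEMO_PASSWORD = 'constructed-demo-password'; // constructed sample value

function password_ok(array $request): bool
{
    return hash_equals(DEMO_PASSWORD, (string) ($request['password'] ?? ''));
}

// Hypothetical legacy page: $authorized is assigned only on success and is
// never initialised, so any value already present in scope is trusted.
function legacy_page(array $request, bool $registerGlobals): string
{
    if ($registerGlobals) {
        extract($request, EXTR_SKIP); // emulation: ?name=value creates $name
    }
    if (password_ok($request)) {
        $authorized = true;
    }
    return !empty($authorized) ? 'admin area' : 'access denied';
}

// Same page with the variable initialised before use: an injected value is
// overwritten, so the result no longer depends on the php.ini setting.
function initialised_page(array $request, bool $registerGlobals): string
{
    if ($registerGlobals) {
        extract($request, EXTR_SKIP);
    }
    $authorized = false;
    if (password_ok($request)) {
        $authorized = true;
    }
    return $authorized ? 'admin area' : 'access denied';
}

// Constructed request: the query string ?authorized=1 with no password.
$request = ['authorized' => '1'];
foreach ([true, false] as $registerGlobals) {
    printf(
        "register_globals=%-3s  uninitialised: %-13s  initialised: %s\n",
        $registerGlobals ? 'on' : 'off',
        legacy_page($request, $registerGlobals),
        initialised_page($request, $registerGlobals)
    );
}
```

Only the uninitialised page with the emulated setting on reports access; with the setting off, or with the variable initialised, the same request is denied.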