RSS

Kurinchi Blogger Scribbles …

On Open Source Technologies

Posts Tagged ‘register globals’

Jul 16
2009

How to turn off register_globals via php.ini?

Last updated: July 15th, 2009

It is always secured to turn OFF register_globals in PHP applications. Earlier, we have seen how to turn OFF register_globals setting via .htaccess file and in this blog we will use php.ini instead.

Using a text editor create a file called php.ini. This will be our first step.

Next, we need to add the following line of code in php.ini
register_globals = off

Upload php.ini file to the root folder where your application resides.

Tags: , , , ,
Posted in PHP, Security | No Comments »

May 20
2009

PHP Register Globals and Security Vulnerability

Last updated: May 21st, 2009

Register Globals directive is turned OFF from PHP version 4.2.

PHP Global Variables
Environment variables, GET, POST, Server, Cookie variables are knows as Global Variables.

When register_globals directive is turned ON (like what most ISP’s did), you can access/set the global variables like $username, $password instead of $_POST["username"], $_POST["password"].
(more…)

Tags: , , , , ,
Posted in Apache, PHP, Security | 1 Comment »

Copyright ©2008 - 2012. Kurinchilion Inc.

Valid HTML 4.01 Strict  Valid HTML 4.01 Strict