  1. #1
    SitePoint Addict itsource
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369

    Big problem with IIS. Can PHP prevent it?

    Because a user can pass variables and values via the address bar,
    for example
    http://www.xxxxxx.com?auth=1&name=username;

    I think it is a big security problem because it can assign all variables?

    Recently, I came to know that we can access and edit files on all servers that use IIS (only IIS, not Apache or others) by a query instruction after the address bar. I don't know this instruction but I have seen it. It is a long instruction. My friend can do it but he doesn't tell me.

    If someone knows this problem, please explain in more detail how to do it and how to prevent it, especially how to prevent users from typing commands or variables after the URL of a website.

  2. #2
    You talkin to me? Anarchos
    Join Date
    Oct 2000
    Location
    Austin, TX
    Posts
    1,438
    Set register_globals to off in your php.ini and install the latest security patches for the Code Red worm.
    ck :: bringing chris to the masses.

  3. #3
    SitePoint Addict itsource
    Join Date
    Jun 2001
    Location
    Thailand
    Posts
    369
    Can you explain to me why to set register_globals = off? Can this solve the problem with the query string via the address bar? And is the Code Red worm involved in this problem?

  4. #4
    Mlle. Ledoyen silver trophy seanf
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Register globals is a setting in php.ini which, when on, registers the EGPCS (GET, POST, Cookie, Environment and Built-in variables, not in that order!) variables as global. So, variables in the URL will automatically become variables in the script. This is the setting:

    register_globals = On

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature
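
The behaviour described in the last reply, as an added example that is not part of the thread: the first function emulates `register_globals = On` with `extract()` (the setting itself was removed in PHP 5.4.0), the second reads request data only from the request array. The function names and the `$passwordOk` flag are hypothetical, and the query string is constructed from the URL in the first post.

```php
<?php
// Added example, not code from the thread.
// Constructed query string modelled on the URL in the first post.
$query = 'auth=1&name=username';
parse_str($query, $get);   // the array PHP would expose as $_GET

// Emulates register_globals = On: every request parameter already exists
// as a variable in scope before the script's own logic runs.
function page_with_register_globals(array $request, bool $passwordOk): string
{
    // Stand-in for the php.ini behaviour (assumption: EXTR_SKIP keeps the
    // function's own parameters from being overwritten).
    extract($request, EXTR_SKIP);

    if ($passwordOk) {
        $auth = 1;         // set on success only, never initialised otherwise
    }
    // $auth may have come straight from the query string.
    return !empty($auth)
        ? 'admin page for ' . ($name ?? 'guest')
        : 'login required';
}

// register_globals = Off: request data is reachable only through the
// request array, and the flag the script trusts is initialised by the script.
function page_without_register_globals(array $request, bool $passwordOk): string
{
    $auth = false;         // explicit initialisation, not influenced by the URL
    if ($passwordOk) {
        $auth = true;
    }
    // The display name is still user input: validate the type and escape it.
    $name = isset($request['name']) && is_string($request['name'])
        ? htmlspecialchars($request['name'], ENT_QUOTES, 'UTF-8')
        : 'guest';

    return $auth ? "admin page for $name" : 'login required';
}

// Same URL and a failed password check in both calls; only the handling of
// request variables differs.
echo page_with_register_globals($get, false), PHP_EOL;
echo page_without_register_globals($get, false), PHP_EOL;
```

Turning the setting off does not stop anyone from appending parameters to a URL; it means the script only sees them where it explicitly reads them.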

