CodeCharge Studio
search Register Login  

Web Reporting

Visually create Web Reports in PHP, ASP, .NET, Java, Perl and ColdFusion.
CodeCharge.com

YesSoftware Forums -> Archive -> CodeCharge.Discussion

 security not working php 4.2.3

 Print topic Send topic

Author Message
guest
Posted: 09/08/2002, 10:00 AM
I upgraded my test machine to PHP 4.2.3. Now the security logic no longer
works. I enter my login name and password and nothing happens (it returns to
the login screen). Anyone else experienced any issues with this. I am
running win 2000, IIS, php 4.2.3 and mysql 3.23.39. My production machine
has php 4.0.6 and doesn't have this problem.
Christoph Grottolo
Posted: 09/08/2002, 12:33 PM
Try to set register_globals to 'on' in php.ini - this should work (and you
should now what you do when you do that).

Christoph


dsafar@cool-offers.com wrote:
> I upgraded my test machine to PHP 4.2.3. Now the security logic no
> longer works. I enter my login name and password and nothing happens
> (it returns to the login screen). Anyone else experienced any issues
> with this. I am running win 2000, IIS, php 4.2.3 and mysql 3.23.39.
> My production machine has php 4.0.6 and doesn't have this problem.
dsafar
Posted: 09/08/2002, 3:26 PM
Thanks. that did the trick.
"Christoph Grottolo" <cg@gordimer.net> wrote in message
news:alg8lq$hdd$1@news.codecharge.com...
> Try to set register_globals to 'on' in php.ini - this should work (and you
> should now what you do when you do that).
>
> Christoph
>
>
> dsafar@cool-offers.com wrote:
> > I upgraded my test machine to PHP 4.2.3. Now the security logic no
> > longer works. I enter my login name and password and nothing happens
> > (it returns to the login screen). Anyone else experienced any issues
> > with this. I am running win 2000, IIS, php 4.2.3 and mysql 3.23.39.
> > My production machine has php 4.0.6 and doesn't have this problem.
>
guest
Posted: 09/09/2002, 12:14 PM
In codecharge.discussion, "Christoph Grottolo" <cg@gordimer.net> wrote:
=> Try to set register_globals to 'on' in php.ini

It was turned off in the new defaults:
see: http://www.php.net/manual/en/security.registerglobals.php

"Using Register Globals

One feature of PHP that can be used to enhance security is configuring PHP
with register_globals = off. By turning off the ability for any user-submitted
variable to be injected into PHP code, you can reduce the amount of variable
poisoning a potential attacker may inflict. They will have to take the
additional time to forge submissions, and your internal variables are
effectively isolated from user submitted data.

While it does slightly increase the amount of effort required to work with
PHP, it has been argued that the benefits far outweigh the effort. "

(more at the above URL).

Hopefully CodeCharge will be upgraded to do this properly in future.

HTH,

- Don

   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

MS Access to Web

Convert MS Access to Web.
Join thousands of Web developers who build Web applications with minimal coding.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright © 2003-2004 by UltraApps.com  and YesSoftware, Inc.