
Security Check Php Register_globals - When installing Joomla on trap17


matak
Joomla shows this warning

QUOTE
Following PHP Server Settings are not optimal for Security and it is recommended to change them:

* PHP register_globals setting is `ON` instead of `OFF`


Well, it shows two warnings, but the other one I can change.

Is this something I, or you, should be worried about, or is it normal...

Reply

jlhaslip
QUOTE(Larry Ullman @ Author)

Now, with register_globals, I should first clarify that turning register globals on IS NOT a security risk or a bad idea. And turning it on for a local server is definitely NO security risk. RELYING upon register globals is a security risk and a bad idea but just having this setting on is fine (and very common for hosted servers).


Source
As quoted on another Forum I belong to which deals strictly with PHP and Mysql matters.

And the php.net page which discusses the topic is here: http://us3.php.net/manual/en/security.globals.php.
Nothing to be worried about if the variables and coding are properly managed.

Biggest thing to remember: NEVER, EVER trust user data. Always cleanse it using the method appropriate to the data source and the data target. Stripslashes(), html_entities(), magic_quotes_gpc all have different intentions and should be used accordingly.

 

 

 


Reply

shadowx
As those websites and jlhaslip said, you can leave it on, but I generally turn it off because, as said, it makes writing vulnerable code so much easier, and I think it can also be a risk from SQL injection (e.g. putting a query into the URL and having the website execute it and showing the attacker sensitive information). The only real difference I've ever noticed is that by having it on you have to type code like

CODE

$user = $_POST['user'];


because (as is the point with register_globals) the code will not automatically take the value of the post variable 'user' and plant it into the variable $user.

For development I also find it easier to have it off so that I must use code like above; in the event that a host has it off too and I can't change that, then I won't have to modify my code. And definitely use the functions jlhaslip said to make sure that input is safe(ish) for the code to use.

Reply
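The difference the posts above describe, as an added example that is not part of the thread: code that relies on register_globals next to code that initialises its variables and reads input explicitly. Because register_globals was removed in PHP 5.4.0, `extract()` stands in for the setting here; the function names, credentials and sample requests are constructed for illustration.

```php
<?php
// Added example, not code from the thread. extract() emulates
// register_globals = On by copying request parameters into same-named
// variables. EXTR_SKIP keeps it from clobbering $request itself.

// Hypothetical credential check, for illustration only.
function credentials_ok(string $user, string $pass): bool
{
    return $user === 'alice' && hash_equals('correct-horse', $pass);
}

// RELIES on register_globals: $authorized is never initialised, so a
// request parameter with that name decides the outcome.
function relies_on_globals(array $request): bool
{
    extract($request, EXTR_SKIP);       // stand-in for register_globals = On
    if (isset($user, $pass) && credentials_ok($user, $pass)) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Does not rely on it: the setting is still "on" (extract runs), but the
// flag is initialised and input is read explicitly from the request array,
// so the registered variables are never consulted.
function initialised_and_explicit(array $request): bool
{
    extract($request, EXTR_SKIP);       // setting still "on"
    $authorized = false;                // any registered value is discarded
    $user = is_string($request['user'] ?? null) ? $request['user'] : '';
    $pass = is_string($request['pass'] ?? null) ? $request['pass'] : '';
    if (credentials_ok($user, $pass)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed sample requests (not real traffic).
$requests = [
    'valid login'     => ['user' => 'alice', 'pass' => 'correct-horse'],
    'wrong password'  => ['user' => 'alice', 'pass' => 'guess'],
    'extra parameter' => ['user' => 'alice', 'pass' => 'guess', 'authorized' => '1'],
];

foreach ($requests as $label => $req) {
    printf(
        "%-16s relies_on_globals=%-5s initialised_and_explicit=%s\n",
        $label,
        var_export(relies_on_globals($req), true),
        var_export(initialised_and_explicit($req), true)
    );
}
```

Only the third request separates the two functions: the first accepts it without a valid password, the second rejects it even though the emulated setting is on.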

farsiscript
Dear matak, I think it's better to use the Mambo script. Joomla has many bugs and it's not a very good and secure script.
Use Mambo, it's a real CMS.
Thanks

Reply

michaelper22
QUOTE(farsiscript @ Oct 29 2006, 04:35 AM) *

Dear matak, I think it's better to use the Mambo script. Joomla has many bugs and it's not a very good and secure script.
Use Mambo, it's a real CMS.
Thanks

The Joomla project is actually a fork of Mambo, meaning some developers from Mambo said Bye Bye and borrowed the source code to make their own product (which is legally allowed under the GNU GPL). So if anything, Mambo and Joomla would constantly be competing for levels of security.
And matak, don't worry about the Register Globals warning, I run Joomla and mambo with the same thing and I have no problems.

Reply

farsiscript
Yes, dear michaelper22,
I agree with your post about Mambo and Joomla. I test Mambo and Joomla with register_globals.
Thanks

Reply

blendergalactica
However, all the extensions/programs that extend Mambo/Joomla's functionalities have moved to Joomla. Mambo doesn't have a lot left going for it at this point.

That being said I haven't had any problems with Joomla thus far...

Reply

lihuyt
THE SOLUTION:

In the folder /public_html there is a file which is called .access. Edit this file and enter at the bottom of the file this line:

CODE
php_flag register_globals off


Then click save.

Now register_globals is turned OFF in ALL subfolders!

This code/solution is not originally by me but comes from this link: Click here. I will not take the honor of this code, but I felt like it was relevant to post it here.

Reply


