The Center for Education and Research in Information Assurance and Security (CERIAS)

Comments

Posted by Sicurezza, ICT ed altro » Blog Archive »
on Tuesday, January 16, 2007 at 10:53 AM

[...] WordPress 2.0.6 is (already) vulnerable too. This CERIAS post discusses the issue and highlights how "multilevel security" is needed precisely to limit the consequences of a vulnerability in one of the many components of a site/system/information system. [...]

Posted by PHP Devils » As if we needed more evidence t
on Sunday, March 4, 2007 at 02:26 PM

[...] A short note on the harm of having register_globals enabled. For the past few years, PHP security experts have been pounding on the heads of sysadmins to turn off register_globals. While default installs of PHP turn it off, some popular web apps (especially older versions) insist on using it, so some webhost sysadmins will turn it on, presumably to make things go smoothly for their customers. Oops! Web app security (and any security, for that matter) must be multilayered: on the hardware level, on the server daemon level, on the language environment level, and on the code level. [...]
