#2 Make it work with register_globals="off"

open
nobody
None
5
2012-09-17
2003-06-29
Anonymous
No

It's a pity that you cannot run Group-Office in a
state-of-the-art PHP environment, because it needs
globally registered environment variables.

The makers of PHP explicitely do not recommended to
set register_globals to "on" and this "feature"
(=security hole in 1000s of PHP-apps) is switched off
by default since PHP version 4.1.

Due the fact Group-Office is a business-orientated
application, and security definitely matters in
business-environments this I'd call the problem urgent.

Regards,
hannes.edinger@chello.at

Discussion

  • Logged In: YES
    user_id=733975

    Group-Office developement started at the time of version
    4.0.4 which had register_globals on by default.
    Enabling register_globals is not insecure. But disabling
    will make it harder to create insecure code. There is a
    difference here.
    Disabling it will not makeGroup-Office more secure but
    because it is the default nowadays I will make it work with
    it some day.

     
  • Loqui
    Loqui
    2003-11-06

    Logged In: YES
    user_id=252402

    Note that you can set your php configuration locally with
    an .htaccess file:

    php_value register_globals on

    -Loqui