From: Hans Lellelid <hans@ve...> - 2003-03-18 18:53:14
Sorry for the delay in response. Inicidentally, I am actually no longer
the tech lead for the PHlexDB project [I need to update the phlexdb.org
site] -- the project has evolved into the Syntax project and you can
learn more from: http://syntax.forumone.com/ . There is some new
documentation there -- and links to new, more up-to-date sourceforge
I'm glad, however, to see that you're interested in using the suite of
tools -- and I hope that it serves your purpose. Yes, Syntax currently
does require register_globals to be on -- although I this is really only
a requirement for the administration / db setup tools, and not the
public site. register_globals in PHP means that variables sent to a
script via GET or POST (or cookies) automatically become part of the
global namespace. Take a look at
http://www.zend.com/manual/security.registerglobals.php to understand
the security implications of this.
I am copying the websyntax-core list, so feel free to post to that list
if you have other questions, etc. Good luck.
Adrian Columb wrote:
>I'm very impressed by PhlexDB/Syntax from reading all about it on your site.
>I am now considering installing it for managing content on my site
>http://www.danceportalglobal.com/. I was wondering if you could explain to
>me the security implications of having register globals = ON, as it is
>mentioned as a known flaw of the software? Otherwise it sounds great.