From: Hans L. <ha...@ve...> - 2003-03-18 18:53:14
Hi Adrian,

Sorry for the delay in response. Incidentally, I am actually no longer the tech lead for the PHlexDB project [I need to update the phlexdb.org site] -- the project has evolved into the Syntax project and you can learn more from: http://syntax.forumone.com/ . There is some new documentation there -- and links to the new, more up-to-date SourceForge project.

I'm glad, however, to see that you're interested in using the suite of tools -- and I hope that it serves your purpose.

Yes, Syntax currently does require register_globals to be on -- although I think this is really only a requirement for the administration / db setup tools, and not the public site. register_globals in PHP means that variables sent to a script via GET or POST (or cookies) automatically become part of the global namespace. Take a look at http://www.zend.com/manual/security.registerglobals.php to understand the security implications of this.

I am copying the websyntax-core list, so feel free to post to that list if you have other questions, etc.

Good luck.

Cheers,
Hans

Adrian Columb wrote:

>Hi Hans,
>
>I'm very impressed by PhlexDB/Syntax from reading all about it on your site.
>I am now considering installing it for managing content on my site
>http://www.danceportalglobal.com/. I was wondering if you could explain to
>me the security implications of having register globals = ON, as it is
>mentioned as a known flaw of the software? Otherwise it sounds great.
>
>Best,
>
>Adrian
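
The behaviour described in the message above, shown as an added example that is not part of the original e-mail or of the Syntax/PHlexDB code: a check that relies on an uninitialized variable, next to a hardened form. register_globals was removed in PHP 5.4, so its effect is emulated with `extract()`; the function names, the `authorized` flag, the password value and the request array are all hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not project code. extract() on a request array
// reproduces what register_globals = On did automatically for GET,
// POST and cookie data.

// Constructed sample request: a wrong password, plus a parameter that
// happens to share its name with an internal flag.
$request = ['password' => 'wrong', 'authorized' => '1'];

// Pattern that is unsafe under register_globals: $authorized is never
// initialized, so a request parameter of the same name supplies its value.
function admin_check_legacy(array $request): bool
{
    extract($request);                  // emulates register_globals = On
    if (isset($password) && $password === 'constructed-secret') {
        $authorized = true;
    }
    return !empty($authorized);         // value may originate from the request
}

// Hardened form: every flag starts from a known value, and input is read
// by name from one explicit source instead of appearing in scope.
function admin_check_hardened(array $request): bool
{
    $authorized = false;
    $password = isset($request['password']) ? (string) $request['password'] : '';
    if (hash_equals('constructed-secret', $password)) {
        $authorized = true;
    }
    return $authorized;
}

// The two checks disagree on the constructed request: the legacy one
// accepts it because of the extra parameter, the hardened one rejects it.
var_dump(admin_check_legacy($request));
var_dump(admin_check_hardened($request));
```

Because register_globals is a per-directory setting under Apache (`php_flag register_globals on|off`), it can be left off for the public site and enabled only for the directory holding the tools that need it.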