Page 1 of 1

Security Flaws with register_globals

Posted: Tue Mar 25, 2008 11:57 am
by francisjeffy
Hey all

when register_globals is turned On and if the variable is not initialized, It can create a sever threat to sensitive information. wanna know how, read on..

register_globals

The two states of register_globals are 'on' or 'off' ie 'enabled' or 'disabled'.

By default the value of register_globals was 'On' (enabled), and from php version 4.2.0 the default value of register_globals was turned 'Off' (disabled).

When register_globals is 'On' it can inject the php script with all sort of variables from HTML forms.
And since php does not require variable initialization, writing insecure code is that much easier.


This example explains the concept

Code: Select all

<?php
 
# here register_globals is turned 'On'
 
if(authoRizedUser){
    $giveAccess = true;
}
 
if($giveAccess){
    $this -> accessSensitiveData();
}
 
# since the variable $giveAccess is not initialized as false, and since register_globals is turned 'On' 
# it can be defined through the register_global, and anyone can get Access.
 
# When register_globals is turned 'off', $giveAccess can't be set via request so it'll be fine, although it will be a good programming practice to initialize variables first.
 
?>
So when register_globals is turned On and if the variable is not initialized, It can create a sever threat to sensitive information.

And how do we turn on register_globals ?

You can turn it on for your individual web sites by entering the following into a .htaccess file:
php_flag register_globals on

The issues with register_globals will become history from php version 6.0.0. register_globals is removed from php6. So we got to worry about it only in versions prior to 6.0.0.

Hope you found it informative...

jeF..

Re: Security Flaws with register_globals

Posted: Tue Mar 25, 2008 3:59 pm
by nickvd
really? interesting... :wink:

Though how this relates to swift, I am not sure...

Re: Security Flaws with register_globals

Posted: Wed Mar 26, 2008 12:36 am
by Chris Corbyn
:arrow: Moved to PHP Code