Security Flaws with register_globals
Posted: Tue Mar 25, 2008 11:57 am
Hey all
when register_globals is turned On and if the variable is not initialized, It can create a sever threat to sensitive information. wanna know how, read on..
register_globals
The two states of register_globals are 'on' or 'off' ie 'enabled' or 'disabled'.
By default the value of register_globals was 'On' (enabled), and from php version 4.2.0 the default value of register_globals was turned 'Off' (disabled).
When register_globals is 'On' it can inject the php script with all sort of variables from HTML forms.
And since php does not require variable initialization, writing insecure code is that much easier.
This example explains the concept
So when register_globals is turned On and if the variable is not initialized, It can create a sever threat to sensitive information.
And how do we turn on register_globals ?
You can turn it on for your individual web sites by entering the following into a .htaccess file:
php_flag register_globals on
The issues with register_globals will become history from php version 6.0.0. register_globals is removed from php6. So we got to worry about it only in versions prior to 6.0.0.
Hope you found it informative...
jeF..
when register_globals is turned On and if the variable is not initialized, It can create a sever threat to sensitive information. wanna know how, read on..
register_globals
The two states of register_globals are 'on' or 'off' ie 'enabled' or 'disabled'.
By default the value of register_globals was 'On' (enabled), and from php version 4.2.0 the default value of register_globals was turned 'Off' (disabled).
When register_globals is 'On' it can inject the php script with all sort of variables from HTML forms.
And since php does not require variable initialization, writing insecure code is that much easier.
This example explains the concept
Code: Select all
<?php
# here register_globals is turned 'On'
if(authoRizedUser){
$giveAccess = true;
}
if($giveAccess){
$this -> accessSensitiveData();
}
# since the variable $giveAccess is not initialized as false, and since register_globals is turned 'On'
# it can be defined through the register_global, and anyone can get Access.
# When register_globals is turned 'off', $giveAccess can't be set via request so it'll be fine, although it will be a good programming practice to initialize variables first.
?>And how do we turn on register_globals ?
You can turn it on for your individual web sites by entering the following into a .htaccess file:
php_flag register_globals on
The issues with register_globals will become history from php version 6.0.0. register_globals is removed from php6. So we got to worry about it only in versions prior to 6.0.0.
Hope you found it informative...
jeF..