turn globals off

  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

I have seen many threads, many scripts, many topics, many tutorials where it explains that globals need to be turned off?

:?

I have absolutely no clue what this means, and is using arrays safer than just normally inputting data?
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I think it's because many PHP applications have vulnerabilities that can be exploited if global variables are left on. Even the phpBB board has one that can be exploited.

A quick Google search for : globals + vulnerabilities will show you what I mean.
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

How can I avoid this type of situation?
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Turn globals off in PHP. If you don't have access to the server you would need to request it of your host. I don't run Linux servers so I'm not sure how to tell you how to go about it, but there are probably several here who can.
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

What exactly are globals? I seriously have no clue.
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

http://www.strath.ac.uk/IT/Docs/Ccourse ... 3_6_3.html

Basically, the idea is that global variables can be used by all functions.
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Hey a question about sessions...

If a session is created, how will another page recognise who the user is by the session? I mean, say if there are 2 users, won't the script get confused?
  • Scorpius
  • Proficient
  • Posts: 401
  • Loc: Scorpion Hole

Post 3+ Months Ago

It's pretty simple to turn off globals. If you have a Linux machine just go in /etc/php.ini and where it says
register_globals = On
change it to
register_globals = Off
Although most hosting companies have it turned off by default because PHP now does that by default.
To check if you have it on or not, make a php file and just put
PHP Code:
<?php

   phpinfo();

?>

and you will see all your variables.
Hope that was of some help to you.
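
The check described in the post above can also be run from the shell against the ini file itself, without publishing a phpinfo() page. This is an added example, not part of the original thread; the function name and the sample file are constructed for illustration, and it assumes a single php.ini-style file (overrides from .htaccess or ini_set() are not covered).

```shell
#!/bin/sh
# Added example: report the register_globals setting found in a php.ini-style file.
# Prints "on", "off", or "unset" (directive absent, so the PHP built-in default
# applies: Off since PHP 4.2.0; the directive was removed entirely in PHP 5.4.0).
register_globals_state() {
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*;/ { next }                  # whole-line comment, e.g. ";register_globals = On"
        {
            line = $0
            sub(/;.*$/, "", line)            # strip a trailing comment
            n = index(line, "=")
            if (n == 0) next                 # section headers and blank lines
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t"]/, "", key)
            gsub(/[ \t\r"]/, "", val)
            if (tolower(key) != "register_globals") next
            v = tolower(val)
            # PHP treats On/1/True/Yes as enabled; a later directive overrides an earlier one
            state = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print state }
    ' "$1"
}

# Constructed sample input (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[PHP]
;register_globals = Off
register_globals = On   ; enabled for a legacy application
short_open_tag = Off
EOF

echo "register_globals: $(register_globals_state "$sample")"
rm -f "$sample"
```

On a real host, pass the path of the loaded configuration file, for example the /etc/php.ini mentioned in the post.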
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

phpBB uses a few methods to validate and remember users. This link explains it pretty well:

http://www.phpbb.com/kb/article.php?article_id=54

Truthfully nem, it's refreshing to see your tenacity at learning this, but you should take some real effort to study the code itself. For example, just take this phpBB board script and start to look at every file and study what each and every function and variable does. IMO this script is pretty highly developed and can teach a beginner a lot. I still consider myself a beginner at php and the study of this script is how I'm learning to understand it.
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Thanks atno for the advice.
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

No prob. Another good learning tool is phpMyAdmin and study the structure of the tables in a script. For example as you'll note from the link above phpBB uses a combination of Session IDs (stored in the database and encrypted) and Cookies stored on the user's machine. It's a huge challenge to do it right and get good security in place. I suppose that's why the phpBB group is a "group" and not an individual. Most really good programs are not just written by one person.
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

Yeah, but what about Invision Board? I would say that board is more secure than phpBB.
  • ATNO/TW
  • Super Moderator
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Really?

http://www.threatfocus.com/vuln_detail. ... t_id=12268
https://www.edgeos.com/threats/details.php?id=11977
  • Nem
  • Guru
  • Posts: 1243
  • Loc: UK

Post 3+ Months Ago

OUCH
  • Tannu4u
  • Proficient
  • Posts: 480
  • Loc: India

Post 3+ Months Ago

I think that turning the globals off can protect you from being hacked. If globals are on then hackers can get the values of these globals from the streams and can have undue advantage. So to turn globals off is to make your system operate more safely.


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.