Monday, 14 March 2016

Register Globals (register_globals) in PHP

Secure your application by disabling the register_globals setting.

register_globals was meant to help rapid application development.


For any URL that includes a query string, register_globals automatically lets us access the value of a variable as $variable instead of $_GET['variable'].

This might be useful for us, but every variable in the code now has this property, so anyone can easily get into PHP applications that do not protect against this unintended consequence.

If you have added the code below to your login page,

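// Vulnerable as written: $valid is never initialised before it is tested.
if(!empty($_POST['user_name']) && $_POST['user_name'] == 'abc' && !empty( $_POST['password'] ) && $_POST['password'] == "abc123")
{
    $valid = true;
}
// With register_globals On, $valid may already have been set from the request.
if($valid==true) { $show_user_pages = 1; }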

If the application is running with register_globals ON, a user could just place valid=1 in a query string and would then have access to whatever the script is running.


So it is better to run the application with register_globals OFF.
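The login check above, next to a version that initialises $valid, as an added example that is not part of the original post. It assumes a PHP 7 or later interpreter, where register_globals no longer exists, so extract() stands in for what the setting did; the function names and the sample request are constructed for illustration.

```php
<?php
// Added example. extract() imitates register_globals = On by copying
// request parameters into local variables (EXTR_SKIP keeps $get/$post intact).

// The post's logic: $valid is only ever assigned on success.
function login_unsafe(array $get, array $post): bool
{
    extract($get, EXTR_SKIP);
    extract($post, EXTR_SKIP);
    if (!empty($post['user_name']) && $post['user_name'] == 'abc'
        && !empty($post['password']) && $post['password'] == 'abc123') {
        $valid = true;
    }
    return isset($valid) && $valid == true;
}

// Hardened: $valid gets a known value before the check, and the
// comparisons are strict, so an imported request value cannot survive.
function login_safe(array $get, array $post): bool
{
    extract($get, EXTR_SKIP);
    extract($post, EXTR_SKIP);
    $valid = false;
    if (isset($post['user_name'], $post['password'])
        && $post['user_name'] === 'abc'
        && $post['password'] === 'abc123') {
        $valid = true;
    }
    return $valid === true;
}

// Deployment check: ini_get() returns false when the directive does not
// exist, which FILTER_VALIDATE_BOOLEAN also maps to false.
function register_globals_enabled(): bool
{
    return filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed request: no credentials, only valid=1 in the query string.
$get  = ['valid' => '1'];
$post = [];

var_dump(login_unsafe($get, $post));
var_dump(login_safe($get, $post));
var_dump(register_globals_enabled());
```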

We cannot disable register_globals from the script side, but we can use an .htaccess file or change the php.ini file to do this.

Disabling with php.ini
register_globals = Off


Disabling with .htaccess
php_flag register_globals 0


Enjoy a secure PHP script with register_globals Off !!
