[Pro] Webyep security question

Hi all,

I have just completed a website for a client using Walter's Carousel action and WebYep, with Max Fancourt's WY actions, and all appears well, apart from the fact that the client insists upon using BT to host the website!

http://www.smithgoodfellow.co.uk

They have a business account with BT for broadband etc. Anyway, I called tech support to ask them to switch off register_globals as suggested. They told me that in order to do that the client would have to upgrade to the advanced package for another £15 per month, which they are not keen to do. Now, I do not like BT for a number of reasons and I have tried to get the client to let me host the site, but they seem set on staying with BT. However, in order to be able to let my client know of any future problems, can anyone please tell me…

What are the security implications if register_globals is left switched on?

thanks

Gary


offtopic mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hi Gary
Probably the best way to describe it is from this explanation:
http://en.wikibooks.org/wiki/PHP_Programming/Register_Globals
The basic gist is that globals left on has a greater security risk for the site in general, including forms and not just WebYep, and as long as the client knows that and he's not willing to pay the extra 15 pounds, then I can't see you can do very much.

all the best max
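
A minimal illustration of the risk asked about in this thread, added here as an example and not taken from the thread, the linked articles or WebYep: with register_globals on, request parameters become script variables, so any variable a script uses without initialising it can be set from the URL. The function names, `DEMO_PASSWORD` and the request arrays are constructed, and `extract()` stands in for the setting, which was removed in PHP 5.4.

```php
<?php
// Added example, not WebYep code. register_globals was removed in PHP 5.4,
// so extract() on a constructed request array stands in for it here.
const DEMO_PASSWORD = 'demo-only-password'; // constructed value

// Pattern that register_globals makes dangerous: $authorized is only
// ever assigned on success and is never initialised.
function admin_page_unsafe(array $query): string
{
    extract($query); // what register_globals=On does before the script runs
    if (isset($pass) && $pass === DEMO_PASSWORD) {
        $authorized = true;
    }
    // A request parameter named "authorized" decides the outcome
    // whenever the password check fails.
    return !empty($authorized) ? 'admin content' : 'denied';
}

// Same page written so that the setting no longer matters.
function admin_page_safe(array $query): string
{
    extract($query);      // register_globals still on, as on the host here
    $authorized = false;  // initialise first: any injected value is discarded
    // Read input only from the request array ($_GET/$_POST in a real script).
    $pass = (isset($query['pass']) && is_string($query['pass'])) ? $query['pass'] : '';
    if (hash_equals(DEMO_PASSWORD, $pass)) {
        $authorized = true;
    }
    return $authorized ? 'admin content' : 'denied';
}

// Constructed requests: correct password, wrong password, injected flag.
$requests = [
    'correct password' => ['pass' => DEMO_PASSWORD],
    'wrong password'   => ['pass' => 'guess'],
    'injected flag'    => ['authorized' => '1'],
];
foreach ($requests as $label => $query) {
    printf("%-17s unsafe: %-14s safe: %s\n",
        $label, admin_page_unsafe($query), admin_page_safe($query));
}
```

Initialising variables and reading input only from the superglobals protects scripts you write yourself; third-party code on the same host that relies on uninitialised variables stays exposed while the setting is on.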



On 16 Oct 2009, 1:22 pm, max wrote:
Hi Gary
probably the best way to describe is from this explanation
PHP Programming/Configuration: Register Globals - Wikibooks, open books for an open world

Thanks for that Max, very interesting article (bits of it are over my head) but I get the gist of it all. The article here http://www.php.net/manual/en/security.globals.php has some suggestions by various people on how to work round register_globals being ON. Again I am a little lost, but do you know if any of these might work, and if so where would you put them?

sorry to be a bit of a thicko in this area )-:

After your comment I intend to write to the client explaining the possible risks, so that if the site does get hacked, he will have to pay me to re-set it all up again, and that it would be cheaper for me to host it with a proper company (i.e. NOT BT) in the first place…

Thanks for replying and thanks for the WebYep actions, it all works just fine :)

cheers

Gary



Hi Gary
The problem with the possible solutions is that I have no idea what effect they may have on any given server and what they may do to WebYep itself. I have only read through them quickly, and as fast as someone adds a possible workaround the next person is calling the code rubbish and advising not to touch it with a barge pole. So I personally would just point out the server shortcomings and leave it in the client's hands.

max



Thanks very much Max,

I appreciate the feedback and I think passing the decision back to the client is the best idea.

Gary

