Guest Posted May 9, 2005 Share Posted May 9, 2005 in the 1.0.7 version of cubecart and the new 3.0.0 is register_globals beeing used in this? as I have found some information that say's they have security holes.. Here is what I found.... there are numerous ways around register_globals=off, but it is down to the script producer to write code that keeps up with known security holes, and if your scripts have not been updated you need to talk to the authors register_golbals security hole has been known about for over a year and this should have been known by all php authors, it is only now we have noticed the users abusing the servers using it and so it is only now we have had to turn it of to secure our servers and your accounts there is no way we can turn register_globals back on, due to the secrity issues it will cause, I'm sure you know what we mean. due to the recent trojan attack on 40,000 sites on the web, we would be lacking in the duty to all our customers to leave open a open door for hackers to abuse our servers and your sites. Please let me know A.S.A.P Thanks... Quote Link to comment Share on other sites More sharing options...
Guest Posted May 10, 2005 Share Posted May 10, 2005 (edited) look in the downloads there is a patch for 2.0.7 to let it work with register globals off. Look at this thread for the background on this mod. having Register globals ON is a well known security flaw. Brooky is well aware of this and has said from the start that cc3 will work with globals off. I still maintain that even with globals ON, a well written script will still be totally secure. your host is jumping on the bandwagon of switching globals off. I am glad my host is more understanding. Edited May 10, 2005 by sculptex Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.