Making Global On SAFE

Forum Moderators: coopster

Message Too Old, No Replies

Making Global On SAFE

Would that code help making it safe?

smagdy

11:35 am on Feb 10, 2007 (gmt 0)

I built my code on Global On and i get errors that i cant fix when i make it off..

So, i am trying to make it safe.

so if i disabled any query string, would that make it safe?

i am using Apache, php, mysql, ive this code in begining of each file.

<?
$parse_url = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);

if(strpos($_SERVER['REQUEST_URI'],"?"))
{
header("Location: /");
exit;
}
?>

Would that make it safe and is there anything else that i should check?

Thanks in advance

dreamcatcher

1:28 pm on Feb 10, 2007 (gmt 0)

Hi smagdy,

and i get errors that i cant fix when i make it off..

What errors are you referring to?

smagdy

1:33 pm on Feb 10, 2007 (gmt 0)

Its something related to sessions and so, that was few weeks ago and i really dont prefer to go back to it to not break something else. its just working perfectly now!

smagdy

2:28 pm on Feb 10, 2007 (gmt 0)

So would what i said make it safe?

smagdy

8:03 pm on Feb 14, 2007 (gmt 0)

Anybody?

coopster

12:15 am on Feb 19, 2007 (gmt 0)

Disabling query strings will not necessarily make it safe. If you have any forms whatsoever the end user could make a local copy of the form and modify it and then GET or POST the data that way too. Why not determine where your application is failing when register_globals is turned off? Best practice in my opinion!

smagdy

12:24 am on Feb 19, 2007 (gmt 0)

Hello,

Thanks for reply, but can you please explain this part:

"make a local copy of the form and modify it and then GET or POST the data that way too"

What can he do after having a stored copy of the form?
Also i detect in all form if it was submited from my domain b4 executing! so would that help too?

About searching for the failure: i am afraid that i fix it, but i find it failing in other place too, i mean i dono what will i break in the site more.. so.......

Thanks in advance