[pmwiki-users] pmwiki exploit

V.Krishn webmaster at insteps.net
Wed Sep 6 07:08:09 CDT 2006

On Wednesday 06 September 2006 14:47, Thomas -Balu- Walter wrote:
> On Wed, Sep 06, 2006 at 01:26:39PM +0530, V.Krishn wrote:
> > >     php_flag register_globals off
> >
> > Thanks for the warnings.
> > Its amazing how my webspace provider had left this variable on. If I am
> > not mistaken this variable got to be off by default in PHP 4.2 and above.
> There are still a lot of applications that need to have this on. So most
> providers enable it...
I guess so, but I think the best way would be each application has its 
required settings in their own .htaccess at its root folder. I might be 
mistaken,  or is it that the server is still at risk if only one application 
is secured?

>      Balu
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users

More information about the pmwiki-users mailing list