|
[dokuwiki]
||
[Date Prev]
[12-2005 Date Index]
[Date Next]
||
[Thread Prev]
[12-2005 Thread Index]
[Thread Next]
[dokuwiki] does DokuWiki needs register_globals=on?
- From: "K. Bauckmeier-PTW Dresden" <K.Bauckmeier@xxxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Tue, 06 Dec 2005 13:21:25 +0100
Hallo,
I just read about a security hole in Mambo
http://www.heise.de/newsticker/meldung/67006 (german)
http://www.outpost24.com/ops/delta/FrameIndex.jsp?page=/ops/delta/news/News.jsp%3FXID%3D1157%26XVCLANGUAGEID%3D
I understand that this is because mambo uses a emulation of the php-option
register_globals=on
I just looked at my webhoster and find out, that register_globals is on, but
can be
switched off with a php.ini - file in every directory.
My questions are: is this already a (small?) security hole in my webserver
configuration,
how bad is it, does DokuWiki needs it?
Follow up question: if DokuWiki would run with register_globals=off, is there
still a
possibility to log-in into Dokuwiki without using the login dialog by calling a
link like
http://wiki.splitbrain.org/wiki:discussion:acl?do=login&u=user&p=passwort
Greetings Konrad Bauckmeier
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
|
|
