Hallo, I just read about a security hole in Mambo http://www.heise.de/newsticker/meldung/67006 (german) http://www.outpost24.com/ops/delta/FrameIndex.jsp?page=/ops/delta/news/News.jsp%3FXID%3D1157%26XVCLANGUAGEID%3D I understand that this is because mambo uses a emulation of the php-option register_globals=on I just looked at my webhoster and find out, that register_globals is on, but can be switched off with a php.ini - file in every directory. My questions are: is this already a (small?) security hole in my webserver configuration, how bad is it, does DokuWiki needs it? Follow up question: if DokuWiki would run with register_globals=off, is there still a possibility to log-in into Dokuwiki without using the login dialog by calling a link like http://wiki.splitbrain.org/wiki:discussion:acl?do=login&u=user&p=passwort Greetings Konrad Bauckmeier -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist