PEAK XOOPS - Server changed to phpsuexec 
Server changed to phpsuexec
- You cannot open a new topic into this forum
- Guests cannot post into this forum
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2006/8/20 5:18
jlm69
Posts: 3
Posts: 3
After my server changed to phpsuexec, the protector module security advisor info is wrong. I used to have a .htaccess file that had in it the following lines
php_flag register_globals off
php_admin_flag allow_url_fopen off
php_flag session.use_trans_sid off
and the protector module worked fine, now I need a php.ini file with these lines
register_globals = Off
allow_url_fopen = Off
Now in the security advisory it says
'register_globals' : on Not secure
'allow_url_fopen' : on Not secure
'session.use_trans_sid' : on Not secure
If I check phpinfo on the site it says that they are all off.
Now my question, If the protector module doesn't recognize that these are off is the module working, or should I remove it or should I just ignore the security advisory page or is it a bug.
Thanks,
John
php_flag register_globals off
php_admin_flag allow_url_fopen off
php_flag session.use_trans_sid off
and the protector module worked fine, now I need a php.ini file with these lines
register_globals = Off
allow_url_fopen = Off
Now in the security advisory it says
'register_globals' : on Not secure
'allow_url_fopen' : on Not secure
'session.use_trans_sid' : on Not secure
If I check phpinfo on the site it says that they are all off.
Now my question, If the protector module doesn't recognize that these are off is the module working, or should I remove it or should I just ignore the security advisory page or is it a bug.
Thanks,
John
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
Perhaps, protector's advisory is correct.
Check it by inserting pnpinfo(); into protector/admin/advisory.php like this.
Check it by inserting pnpinfo(); into protector/admin/advisory.php like this.
<?php
require_once( '../../../include/cp_header.php' ) ;
// beggining of Output
xoops_cp_header();
include( './mymenu.php' ) ;
// open table for ADVISORY
echo "<br />\n<div style='border: 2px solid #2F5376;padding:8px;width:95%;' class='bg4'>\n" ;
phpinfo(); // <- this line
Votes:1
Average:10.00
jlm69
Posts: 3
Posts: 3
How can this be, If I put it in like you said it shows them all on, but if I put it in a file in the sites root it shows them all off. Also if I put it in the modules folder it show them all on. I don't understand this, I will contact my host, do I need a php.ini file in every directory? That would be crazy.
Thanks,
John
Thanks,
John
Votes:0
Average:0.00
GIJOE
Posts: 4110
Posts: 4110
It's your server's problem.
Perhaps the administrator does not have enough skills.
You'd better change the server
Perhaps the administrator does not have enough skills.
You'd better change the server
Votes:0
Average:0.00
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2006/8/24 5:29
Dave_L
From: Virginia, USA
Posts: 35
From: Virginia, USA
Posts: 35
Maybe your php.ini file isn't in the correct place. The phpinfo() output will tell you which php.ini is being used.
Also see: http://us2.php.net/configuration
Also see: http://us2.php.net/configuration
Votes:1
Average:10.00
Login