[php-maint] Bug#336645: Bug 336645: PHP 4.4.1 Security Fixes

Christian Stadler stadler at ragnarokonline.de
Fri Dec 2 17:40:20 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Mitchell wrote:
> As a user, I wanted to throw my two cents in. Our security administrator
> _is_ considering this particular fix to be critical, and has made it a
> required patch. While it's true that this particular fix is protecting
> against poorly written PHP scripts, it also appears to be the case that
> such poorly written software is fairly common and is being actively
> targeted. I also think that with this patch in PHP itself, there will be
> a lot less pressure for any of the packages which employ unsafe variable
> handling to actually get fixed. I know that I personally don't have a
> lot of say on the matter, but it would be nice if the patched version
> was released sooner. Thanks for your time.

You can always turn off register_globals in your php.ini.
register_globals = Off is a recommended setting anyway.

Regards,
  Christian Stadler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFDkIcC9250Hcbf/3IRArrOAJwMks6Iifcri/wNEkgEsGmt5jt4dwCcDqm2
epwlnPWFlDF6MiTfeTd1SFM=
=nGgv
-----END PGP SIGNATURE-----
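
A way to verify the setting recommended in the reply above, as an added example that is not part of the original message. It assumes PHP runs under Apache mod_php, where `php_flag` or `php_value` lines can override php.ini per directory; the sample file contents and paths are constructed.

```python
import re

TRUTHY = {"1", "on", "yes", "true"}   # spellings PHP accepts as "on" for a boolean
INI_RE = re.compile(r"^\s*register_globals\s*=\s*([^;\s]*)", re.I)
APACHE_RE = re.compile(
    r"^\s*php_(?:admin_)?(?:flag|value)\s+register_globals\s+(\S+)", re.I)

def is_on(raw):
    return raw.strip("\"'").lower() in TRUTHY

def ini_setting(text):
    """True/False for the last active register_globals line, None if absent."""
    state = None
    for line in text.splitlines():
        m = INI_RE.match(line)        # lines starting with ';' never match
        if m:
            state = is_on(m.group(1)) # a later assignment overrides an earlier one
    return state

def apache_enables(text):
    """True if an Apache/.htaccess directive switches register_globals on."""
    return any(m and is_on(m.group(1))
               for m in map(APACHE_RE.match, text.splitlines()))

def audit(ini_text, apache_files):
    findings = []
    state = ini_setting(ini_text)
    if state is True:
        findings.append("php.ini: register_globals is On")
    elif state is None:
        # The built-in default is Off only from PHP 4.2.0 onwards.
        findings.append("php.ini: register_globals not set, check PHP version")
    for path, text in sorted(apache_files.items()):
        if apache_enables(text):
            findings.append(f"{path}: re-enables register_globals")
    return findings

# Constructed sample input (not taken from any real system).
SAMPLE_INI = """\
;register_globals = On
register_globals = On
register_globals = Off ; hardened
"""
SAMPLE_APACHE = {
    "/var/www/shop/.htaccess": "# legacy app\nphp_flag register_globals on\n",
    "/var/www/blog/.htaccess": "php_flag register_globals off\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, SAMPLE_APACHE):
        print(finding)
```

A clean php.ini is not enough on its own: the constructed `.htaccess` above turns the setting back on for one directory, which is why the audit reads both sources.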



