Re: Policy on Web Applications

To: David Johnson <djohnson@jsatech.com>
Cc: debian-webapps@lists.debian.org
Subject: Re: Policy on Web Applications
From: Gareth Ardron <gareth@fission.org.uk>
Date: Fri, 03 Mar 2006 15:21:25 +0000
Message-id: <[🔎] 44085EF5.6000400@fission.org.uk>
In-reply-to: <[🔎] 000f01c63ed3$47a27ad0$1e02a8c0@crm.local>
References: <[🔎] 000f01c63ed3$47a27ad0$1e02a8c0@crm.local>

David Johnson wrote:

The policy document looks great and carefully thought out. We have not
finished our package development and released it yet, so we're not certain.
One question is in regards to PHP configuration.  For example our
application requires "register_global" to be turned on in PHP (which has
sufficient security structure in place where this is not a problem for us).
What approach should we take here?

I'd suggest probably:
php_value register_globals = "On"

in the apache virtualhost config, because the last thing that wants tohappen is for security issues with other apps to be created/exposed by aglobal change to php.ini.

Reply to:

References:
- RE: Policy on Web Applications
  - From: "David Johnson" <djohnson@jsatech.com>

Prev by Date: RE: Policy on Web Applications
Next by Date: Re: Policy on Web Applications
Previous by thread: RE: Policy on Web Applications
Next by thread: Re: Policy on Web Applications
Index(es):
- Date
- Thread