[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PMASA-2005-6 when "register_globals = on"



On Tue, 15 Nov 2005, Steve Kemp wrote:
> On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
> > http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports 
> > that sarge's phpmyadmin package has a security flaw which is occured only if 
> > "register_globals = on" setting is used.
> > 
> > This feature is disabled in Debian package by default so I doubt if this is 
> > serious problem. I'd like to ask if I should prepare the new package for 
> > sarge or not?
> 
>   I think an upload would be justified.

Agreed. I know from real life that many servers are *forced* to run with
register_globals = on, due to reasons I'd rather not comment upon.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh



Reply to: