[PLUG-Devel] Security Audit of Joomla!
Darrin Chandler
dwchandler at stilyagin.com
Sat Sep 9 08:10:07 MST 2006
On Sat, Sep 09, 2006 at 07:54:02AM -0700, Alan Dayley wrote:
>
> The PLUG site is now running Joomla! 1.0.11, listed in the solution to
> this vulnerability. I also set 'register_globals' disabled for our
> Joomla! directories with a custom php.ini in each subdirectory.
Phew!
Register_globals? That's been deprecated for some time, and should
always be set to Off. Anything that breaks because of that should be
fixed or replaced. It's been a common avenue of attack, and it's also a
sign of sloppy coding. Nice that you've got it disabled. :)
--
Darrin Chandler | Phoenix BSD Users Group
dwchandler at stilyagin.com | http://bsd.phoenix.az.us/
http://www.stilyagin.com/ |
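
The per-directory setup described in the quoted message can be checked mechanically. The script below is an added example, not part of the original message or of Joomla!: it walks a web root and reports, for every directory containing `.php` files, what that directory's own `php.ini` says about `register_globals`. It assumes a custom `php.ini` applies only to scripts in the same directory (as the one-file-per-subdirectory setup implies); the function names and the sample tree are constructed for illustration.

```python
import os

OFF_VALUES = {"off", "0", "false", "no", "none", ""}

def ini_register_globals(path):
    """Return 'off', 'on' or None (directive absent) for one php.ini."""
    state = None
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.split(";", 1)[0].strip()      # strip ; comments
            if "=" not in line:
                continue
            key, value = (p.strip() for p in line.split("=", 1))
            if key == "register_globals":            # last assignment wins
                value = value.strip("\"'").lower()
                # Anything not clearly "off" is flagged as on (conservative).
                state = "off" if value in OFF_VALUES else "on"
    return state

def audit(root):
    """Map every directory that holds .php files to a finding string."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if not any(name.lower().endswith(".php") for name in files):
            continue
        ini = os.path.join(dirpath, "php.ini")
        if os.path.isfile(ini):
            result = ini_register_globals(ini) or "not set"
        else:
            result = "no php.ini"
        findings[os.path.relpath(dirpath, root)] = result
    return findings

def build_sample_tree(root):
    """Constructed sample layout for the demo, not the PLUG site's tree."""
    files = {
        "index.php": "<?php ?>",
        "php.ini": "register_globals = Off\n",
        "administrator/index.php": "<?php ?>",
        "administrator/php.ini": "; hardening\nregister_globals = On ; oops\n",
        "components/com_demo/demo.php": "<?php ?>",
        "images/logo.png": "",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for directory, finding in sorted(audit(root).items()):
        print(f"{finding:12} {directory}")
```

Any directory reported as `on`, `not set` or `no php.ini` is one where the site is relying on the server-wide default rather than the explicit per-directory setting.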