jpmd26 Posted February 24, 2009

I was discussing the template with a PHP programmer and mentioned that if global variable is ON then it's possible to insert any data into the database. This is what he said.

"the variables like http://site.com/index.php?user=bob&authorized=1 become part of the code, no matter if they were initialized in the code. Even if the code doesn't have $user = $_GET['user']. People can put any variables they want directly to the code. If the template was developed with globals On, it is supposed to have security against such attack. But other sites on this server are not secure"

Is there any security in the code? This is an ecommerce template and I'm sure there is a way to secure it. Any help.

Thank you,
John
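The behaviour described in the quote above, shown as an added example that is not part of the original posts or of the template's code. The function names `check_login`, `legacy_page` and `hardened_page` are hypothetical, the request array is constructed from the URL in the quote, and `extract()` is used here to emulate `register_globals = On`, which was removed in PHP 5.4.

```php
<?php
// Constructed sample request, matching the URL quoted in the post:
// index.php?user=bob&authorized=1
$request = array('user' => 'bob', 'authorized' => '1');

// Hypothetical credential check standing in for the template's login logic.
// In this sample nobody has logged in, so it always fails.
function check_login($user)
{
    return false;
}

// "Before": behaves like a page written for register_globals = On.
function legacy_page($request)
{
    extract($request); // request keys become variables, as the old setting did
    if (check_login(isset($user) ? $user : '')) {
        $authorized = 1;
    }
    // $authorized was never initialised by the page itself,
    // so a value supplied in the request is still there at this point.
    return !empty($authorized);
}

// "After": every variable is initialised and request data is read explicitly.
function hardened_page($request)
{
    $authorized = false; // known starting state, set by the code
    $user = '';
    if (isset($request['user']) && is_string($request['user'])) {
        $user = $request['user'];
    }
    if ($user !== '' && check_login($user)) {
        $authorized = true;
    }
    return $authorized;
}

// Deployment check: stop if the legacy setting is active.
// ini_get() returns false on PHP 5.4+, where the setting no longer exists.
if (ini_get('register_globals')) {
    exit("register_globals is On; disable it in php.ini\n");
}

echo "legacy page authorized:   ";
var_dump(legacy_page($request));
echo "hardened page authorized: ";
var_dump(hardened_page($request));
```

Run it with the PHP command-line interpreter; the two `var_dump` lines show whether each version of the page treats the unauthenticated request as authorized.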
spooks Posted February 24, 2009

Unfortunately, templates contain non-standard, often outdated code that is often somewhat modified from the core version, so they are impossible to support except by the template writer. I suggest you speak to them.

Security is rarely of any importance to template writers; they're only interested in making it pretty so you buy it, they don't care about the code.

http://www.oscommerce.com/forums/index.php?showtopic=313323

Sam

Remember, what you think I meant may not be what I thought I meant when I said it.

Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
Archived
This topic is now archived and is closed to further replies.