osCommerce

The e-commerce.

Global Variable ON


jpmd26

I was discussing the template with a PHP programmer and mentioned that if global variable is ON then it's possible to insert any data into the database. This is what he said.

"The variables like http://site.com/index.php?user=bob&authorized=1 become part of the code, no matter if they were initialized in the code. Even if the code doesn't have $user = $_GET['user']. People can put any variables they want directly into the code.

If the template was developed with globals On, it is supposed to have security against such an attack. But other sites on this server are not secure."

Is there any security in the code? This is an ecommerce template and I'm sure there is a way to secure it.

Any help.

Thank you,

John

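The behaviour described in the quote above, as an added example that is not part of the original post or of any osCommerce template. `extract()` stands in for `register_globals = On` (the directive was removed in PHP 5.4); `check_login()`, `vulnerable_page()` and `hardened_page()` are hypothetical names, and the request is constructed.

```php
<?php
// Constructed request, standing in for index.php?user=bob&authorized=1
$query = ['user' => 'bob', 'authorized' => '1'];

// Hypothetical stand-in for the shop's real credential/session check.
// Nobody is logged in here, so it always refuses.
function check_login(string $user): bool
{
    return false;
}

// Page written as if request parameters could never become variables.
function vulnerable_page(array $query): bool
{
    // Emulation of register_globals = On: each request parameter is
    // imported as a variable before the page logic runs.
    extract($query);

    if (check_login($user ?? '')) {
        $authorized = 1;
    }
    // $authorized was never initialised by the page, so a value that
    // arrived in the query string is still there at this point.
    return !empty($authorized);
}

// Same page, written to be safe even while the setting is still On.
function hardened_page(array $query): bool
{
    extract($query); // same emulation as above

    // Initialise every variable the page relies on, discarding anything
    // that was injected under the same name.
    $authorized = false;
    // Read input only from the request array, and check its type.
    $user = (isset($query['user']) && is_string($query['user'])) ? $query['user'] : '';

    if (check_login($user)) {
        $authorized = true;
    }
    return $authorized;
}

var_dump(vulnerable_page($query));
var_dump(hardened_page($query));
```

On PHP versions that still have the directive, setting `register_globals = Off` in php.ini removes the automatic import for every site on the server.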

Unfortunately templates contain non-standard, often outdated code that is often somewhat modified from the core version, so are impossible to support except by the template writer. I suggest you speak to them.

Security is rarely of any importance to template writers; they're only interested in making it pretty so you buy it. They don't care about the code.

http://www.oscommerce.com/forums/index.php?showtopic=313323

Sam

Archived

This topic is now archived and is closed to further replies.