Hello, I learned about gpEasy on the Make Use Of website. A user there said that because this cms requires "register global" to be turned on that this might be a security problem that could result in the site being hijacked. They referenced this link:
And this specific line from that site: "This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged."
I wanted to ask if the developers of gpEasy (or a knowledgeable user) have a response to this claim or has this concern been addressed in the latest release? Thanks!
I went looking a bit for this info and found this:
I applied the htaccess mentioned in the post to my localhost install without a problem. . . but again, not my area.
From everything I can tell. . . when you install gpEasy it expects "Register Globals" to be OFF. At least that's what it says when I test a new install under xampplite.
I also ran across this page:
where someone clearly left an install in progress or something and as you can see gpEasy installed just fine with Globals OFF. . . as it does under xampplite on my computer ;)
here's another post where Josh addresses installing when php is in safe mode:
I even checked out the two exploits that are published for pre 1.6.3 and tested them against gpeasy.com without success. . .
Nonetheless, like I said, I'm not a code expert so I can't really say anything to the security within the code but I doubt Josh would let security slide. Hopefully some of the wiser users will chime in if necessary.
Find out more about our Provider Spotlight