PhpSecInfo Test Information
magic_quotes_gpc
Test Description
Determines if magic_quotes_gpc is enabled.
Security Implications
The magic quotes option was introduced to help protect developers from SQL injection attacks. It effectively executes addslashes() on all information received over GET, POST or COOKIE. Unfortunately this protection isn't perfect: there are a series of other characters that databases interpret as special not covered by this function. In addition, data not sent direct to databases must un-escaped before it can be used.
Recommendations
Because it's inconsistent and ineffective, it's not recommended that magic_quotes_gpc be enabled. Rely on input filtering done by your scripts.
You can disable magic_quotes_gpc in the php.ini file:
; Disable magic_quotes_gpc
magic_quotes_gpc = 'off'
The setting can also be disabled in apache's httpd.conf file, or an .htaccess file:
# Disable magic_quotes_gpc
php_flag magic_quotes_gpc off
things that should always be turned off in php.ini on a live system
register_globals
allow_url_fopen
display_errors
magic_quotes_gpc
Reference: http://phpsec.org/projects/phpsecinfo/tests/magic_quotes_gpc.html
http://www.webmasterworld.com/forum88/8688.htm
My Blog List
-
`The Rising Threat to Linux Systems: How MDR Services Mitigate Risks - Linux systems, known for their robustness and reliability, are increasingly becoming targets for cybercriminals. The growing popularity of Linux, especia...2 days ago
-
How to find hard disk (SSD) serial numbers in Linux - [image: See all GNU/Linux related FAQ] You need to use the smartctl command to display the hard disk (SSD) serial numbers in Linux. This is useful when cha...1 week ago
-
PaloAlto init-cfg.txt Bootstrap Config file Layout with Examples - When you install and configure the PaloAlto firewall, when the firewall boots up for the first time, it does the bootstrapping process. PaloAlto uses the s...2 years ago
-
Clusterssh – Administer multiple ssh or rsh shells simultaneously - Sponsored Link The command opens an administration console and an xterm to all specified hosts. Any text typed into the administration console is replicate...3 years ago
-
Web Application Vulnerability Scanning Tools - Web Application Vulnerability Scanning Tools Nessus http://www.tenable.com/products/nessus PortSwigger https://portswigger.net/ qualys https://www.qualys....5 years ago
-
What You Don’t Know About Linux Open Source Could Be Costing to More Than You Think - Guest post by Marc Fisher If you would like to test out Linux before completely switching it as your everyday driver, there are a number of means by which ...6 years ago
-
Resolving Sysprep problems with App-X packages (Part 1) - This is the first of two articles explaining how to fix systems that won't Sysprep if Windows Native/App-X applications have been removed and Windows patches.7 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...7 years ago
-
10 UNIX / Linuz Size Command Examples for ObjectFiles - Linux size is part of GNU binutils. This utility is very helpful for programmers to analyze the data from the executable files (or object files). By defaul...10 years ago
-
Updating VMware Tools on Red Hat Enterprise/Scientific/CentOS Linux 6 for VMware ESXi 5 - In a previous post I discussed installing the open source VMware tools for Red Hat Enterprise/Scientific/CentOS Linux 6 from a yum package repository provi...13 years ago
