Based on my research here and at ComputerCops, there seems to have been some discussion on this subject, but I have found something strange on my site that requires some explanation.
After running analyze.php, I had a warning regarding the version of PHP on my servers. I have finally received notice from my hosting company that they have upgraded. Now, I am receiving the SQL Injection Attack warning.
However, after reviewing the contents of my php.ini file, I find the following:
Yes ... I read all 3 pages of that thread before I even posted here. It seems that those sites did need to make some changes ... and then the continuing debate with the Guest ... but I am not sure that I need to make any changes to my php.ini when it looks like all is fine.
I noticed in that thread that another user posted a possible code fix in the mainfile.php and I noticed no one responded to whether that was a valid fix for the problem. If it is, then the analyze.php file should be fixed to check for that line of code in that file as well before issuing a warning.
I thought this might bring up some new or yet to be resolved issues.
Thanks for the link though.
erbuc
VinDSL Site Admin
Joined: Jul 08, 2003
Posts: 1193
Location: Arizona (USA) Site Admin: Lenon.com Admin: Disipal Designs
Posted:
Sun Aug 10, 2003 2:02 am
You know, I was just looking at my setup and several of the values are empty. Hrm...
I noticed in that thread you provided the link for, that Paul mentioned in his research that when the values were left unassigned, the defaulted to "on".
I hope so ... what does your analyze.php script say?
erbuc
===============
I spent most of my money on booze and women ...
... the rest I just wasted.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
