stanhecht
Posts: 6
|
Posted: 03/10/2004, 5:09 PM |
|
Question: php doc stresses that its a security risk to set register globals on. Yet CCS manual says you should set register globals=on - otherwise you'll be unable to proceed past the login page. Comments? Is there a way to keep register globals off and still use CCS application security?? (I'm evaluating CCS and am puzzled by this design tradeoff.). Thanks - Stan.
|
|
|
peterr
Posts: 5971
|
Posted: 03/11/2004, 2:56 AM |
|
CodeCharge Studio (CCS) can be used with register_globals=off. It was our previous product, CodeCharge (CC) that did not allow this.
It is also secure to use CCS with globals=on. The code is properly written and we are not aware of security issues there.
Though I will try to obtain an additional confirmation on this just to be sure.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
stanhecht
Posts: 6
|
Posted: 03/11/2004, 10:26 AM |
|
Thanks for the update. CCS so far looks (and works) like a remarkable product. The documentation is also excellent. That advice about register globals came out of the CCS 2.1 manual (pdf, latest download I think). Maybe in the next CCS manual rev, revise that statement. User Guide, Section 6.6, page 131.
|
|
|
peterr
Posts: 5971
|
Posted: 03/11/2004, 5:10 PM |
|
Thanks. We'll update the doc.
_________________
Peter R.
YesSoftware Forums Moderator
For product support please visit http://support.yessoftware.com |
|
|
|