From amish_munshi@sify.com Wed Jan 22 03:15:04 2003 From: Amish Munshi To: linuxers@mm.ilug-bom.org.in Subject: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 03:22:41 +0000 Message-ID: <20030121214934.GA7415@munshi.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3530811008504985124==" --===============3530811008504985124== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hi, I am working on RH8.0. I configured php and apache, but the post or get are not working. Any data sent by the form is not being received by the php page. This is the content of my index.html
And here is my trial.php But the output is a blank page, the phpinfo() page is working absolutely fine. The output of the rpm command is as shown below. [root(a)munshi html]# rpm -qa | grep php php-imap-4.2.2-8.0.5 php-mysql-4.2.2-8.0.5 php-dbg-server-2.10pl3-6 php-dbg-client-2.10-6 php-pgsql-4.2.2-8.0.5 php-ldap-4.2.2-8.0.5 php-manual-4.2.2-8.0.5 php-dbg-base-2.10-4 php-4.2.2-8.0.5 php-odbc-4.2.2-8.0.5 [root(a)munshi html]# [root(a)munshi html]# rpm -qa | grep httpd httpd-manual-2.0.40-8 httpd-2.0.40-8 redhat-config-httpd-1.0.1-13 [root(a)munshi html]# Where should I start hunting for the solutions. Bye. -- Amish K. Munshi In GNU we trust. --===============3530811008504985124==-- From kapil_karekar@vsnl.net Wed Jan 22 04:32:40 2003 From: Kapil Karekar To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 04:35:38 +0000 Message-ID: <002c01c2c1a1$5a2eb0e0$0a111e0a@speedsurf.net> In-Reply-To: <20030121214934.GA7415@munshi.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5388890064537209820==" --===============5388890064537209820== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hi Amish, try setting "register_globals = On" in the php.ini file. Let me know if it works. Regards, Kapil Karekar Libre Technologies kapil at libretech.com 091-022-28677305 http://www.libretech.com --------------------------------------- Let's build a Free Software Economy --------------------------------------- ----- Original Message ----- From: Amish Munshi To: Sent: Wednesday, January 22, 2003 3:19 AM Subject: [ILUG-BOM] PHP and apache 2.0 > Hi, > > I am working on RH8.0. I configured php and apache, but the post > or get are not working. Any data sent by the form is not being received > by the php page. > > This is the content of my index.html > > > >
> > >
> > > > > And here is my trial.php > > > > > echo("$amish"); > ?> > > > > But the output is a blank page, the phpinfo() page is working > absolutely fine. > The output of the rpm command is as shown below. > > > [root(a)munshi html]# rpm -qa | grep php > php-imap-4.2.2-8.0.5 > php-mysql-4.2.2-8.0.5 > php-dbg-server-2.10pl3-6 > php-dbg-client-2.10-6 > php-pgsql-4.2.2-8.0.5 > php-ldap-4.2.2-8.0.5 > php-manual-4.2.2-8.0.5 > php-dbg-base-2.10-4 > php-4.2.2-8.0.5 > php-odbc-4.2.2-8.0.5 > [root(a)munshi html]# > [root(a)munshi html]# rpm -qa | grep httpd > httpd-manual-2.0.40-8 > httpd-2.0.40-8 > redhat-config-httpd-1.0.1-13 > [root(a)munshi html]# > > > Where should I start hunting for the solutions. > > Bye. > -- > Amish K. Munshi > In GNU we trust. --===============5388890064537209820==-- From amish_munshi@sify.com Wed Jan 22 10:16:40 2003 From: Amish Munshi To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 10:19:38 +0000 Message-ID: <20030122045131.GA596@munshi.dyndns.org> In-Reply-To: <002c01c2c1a1$5a2eb0e0$0a111e0a@speedsurf.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2283141377763006786==" --===============2283141377763006786== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Wed, Jan 22, 2003 at 04:33:46AM +0530, Kapil Karekar wrote: > Hi Amish, >=20 > try setting "register_globals =3D On" in the php.ini file.=20 This worked. Thanks. php.ini says that this can be a security problem, what = kind of security problem can this be? >=20 > Let me know if it works. >=20 > Regards, > Kapil Karekar > Libre Technologies > kapil at libretech.com > 091-022-28677305 > http://www.libretech.com > --------------------------------------- > Let's build a Free Software Economy >=20 --=20 Amish K. Munshi In GNU we trust. --===============2283141377763006786==-- From mohancheema@softhome.net Wed Jan 22 10:17:32 2003 From: Mohan Cheema To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 10:21:42 +0000 Message-ID: <3E2E2394.30005@softhome.net> In-Reply-To: <20030121214934.GA7415@munshi.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8878668152169289858==" --===============8878668152169289858== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Amish Munshi wrote: >Hi, > > I am working on RH8.0. I configured php and apache, but the post >or get are not working. Any data sent by the form is not being received >by the php page. > >This is the content of my index.html > > > >
> ^^^ instead of get method use post method -- "On a normal ascii line, the only safe condition to detect is a 'BREAK' - everything else having been assigned functions by Gnu EMACS." (By Tarl Neustaedter) --===============8878668152169289858==-- From ranjeet@nttindia.com Wed Jan 22 11:25:57 2003 From: ranjeet@nttindia.com To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 11:32:21 +0000 Message-ID: <1151.61.11.8.59.1043215060.squirrel@nttindia.com> In-Reply-To: <20030122045131.GA596@munshi.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7460701872517082865==" --===============7460701872517082865== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit >> try setting "register_globals = On" in the php.ini file. > >Amish wrote > This worked. Thanks. php.ini says that this can be a security problem, > what kind of security problem can this be? did u check release info? http://www.php.net/release_4_2_0.php php4.2 onwards keep register_globals = off by default i.e. domain.com/foo.php?bar=xxxx you will have to write $var_name=$_GET['bar']; if the method is post then $var_name=$_POST['bar'] more info: http://www.php.net/manual/en/language.variables.external.php About the security http://www.php.net/manual/en/security.registerglobals.php Regards, Ranjeet --===============7460701872517082865==-- From amish_munshi@sify.com Wed Jan 22 12:32:21 2003 From: Amish Munshi To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 12:39:23 +0000 Message-ID: <20030122070629.GA11843@munshi.dyndns.org> In-Reply-To: <3E2E2394.30005@softhome.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2359199965828196247==" --===============2359199965828196247== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On Wed, Jan 22, 2003 at 10:22:36AM +0530, Mohan Cheema wrote: > Amish Munshi wrote: > > >Hi, > > > > I am working on RH8.0. I configured php and apache, but the post > >or get are not working. Any data sent by the form is not being received > >by the php page. > > > >This is the content of my index.html > > > > > > > > > > > > ^^^ > instead of get method use post method I did use it, but even that did not work. The register_globals =On did work, but it says that there is some problem with security with using it. I would like to know the alternative > > -- Amish K. Munshi In GNU we trust. --===============2359199965828196247==-- From amish_munshi@sify.com Wed Jan 22 12:45:49 2003 From: Amish Munshi To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 12:54:57 +0000 Message-ID: <20030122072042.GB11843@munshi.dyndns.org> In-Reply-To: <1151.61.11.8.59.1043215060.squirrel@nttindia.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2595946351055991259==" --===============2595946351055991259== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On Wed, Jan 22, 2003 at 11:27:40AM +0530, ranjeet(a)nttindia.com wrote: > php4.2 onwards keep register_globals = off by default > About the security > http://www.php.net/manual/en/security.registerglobals.php Thanks a lot for the info, it was very helpful. > > > Regards, > Ranjeet > > > > > -- > _______________________________________________ > > http://mm.ilug-bom.org.in/mailman/listinfo/linuxers > > > -- Amish K. Munshi In GNU we trust. --===============2595946351055991259==-- From amitay@aero.iitb.ac.in Wed Jan 22 14:16:46 2003 From: Amitay Isaacs To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 14:19:42 +0000 Message-ID: <20030122084824.GD7497@euler> In-Reply-To: <20030122070629.GA11843@munshi.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7650532832916630487==" --===============7650532832916630487== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Use POST method only. Also turn the register_globals off in the configuration file. To access the variables which are posted you can use the special variables. $_POST["varname"] Amitay. On Wed, Jan 22, 2003 at 12:36:29PM +0530, Amish Munshi wrote: > On Wed, Jan 22, 2003 at 10:22:36AM +0530, Mohan Cheema wrote: > > Amish Munshi wrote: > > > > >Hi, > > > > > > I am working on RH8.0. I configured php and apache, but the post > > >or get are not working. Any data sent by the form is not being received > > >by the php page. > > > > > >This is the content of my index.html > > > > > > > > > > > > > > > > > > > ^^^ > > instead of get method use post method > > I did use it, but even that did not work. The register_globals =On > did work, but it says that there is some problem with security with using > it. I would like to know the alternative > > > > > > > -- > Amish K. Munshi > In GNU we trust. > > -- > _______________________________________________ > > http://mm.ilug-bom.org.in/mailman/listinfo/linuxers > > Amitay. -- What you see is what you get - except in pre-packaged strawberries. --===============7650532832916630487==-- From philip@konark.ncst.ernet.in Wed Jan 22 14:49:32 2003 From: Philip S Tellis To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 14:55:36 +0000 Message-ID: In-Reply-To: <20030122084824.GD7497@euler> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4211498707538190571==" --===============4211498707538190571== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On Wed, 22 Jan 2003, Amitay Isaacs wrote: > Use POST method only. Also turn the register_globals off in the ^^^^^^^^^^^^^^^^^^^^^^ why? -- How long does it take a DEC field service engineer to change a lightbulb? It depends on how many bad ones he brought with him. --===============4211498707538190571==-- From amitay@aero.iitb.ac.in Wed Jan 22 15:17:51 2003 From: Amitay Isaacs To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 15:20:38 +0000 Message-ID: <20030122094930.GF7497@euler> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5127536369944126940==" --===============5127536369944126940== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Generally GET methods can be forged easily by adding query string to the URL. Whereas POST forging needs a little elaboration. So POST is the preferred method for sending data. Amitay. On Wed, Jan 22, 2003 at 02:49:12PM +0530, Philip S Tellis wrote: > On Wed, 22 Jan 2003, Amitay Isaacs wrote: > > > Use POST method only. Also turn the register_globals off in the > ^^^^^^^^^^^^^^^^^^^^^^ > > why? > > > -- > How long does it take a DEC field service engineer to change a lightbulb? > > It depends on how many bad ones he brought with him. > > > -- > _______________________________________________ > > http://mm.ilug-bom.org.in/mailman/listinfo/linuxers > > Amitay. -- I may not have gone where I intended to go, but I think I have ended up where I intended to be. - Douglas Adams --===============5127536369944126940==-- From amish_munshi@sify.com Wed Jan 22 15:25:32 2003 From: Amish Munshi To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 15:30:54 +0000 Message-ID: <20030122100021.GB1190@munshi.dyndns.org> In-Reply-To: <20030122084824.GD7497@euler> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5965173196738801303==" --===============5965173196738801303== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On Wed, Jan 22, 2003 at 02:18:24PM +0530, Amitay Isaacs wrote: > Use POST method only. Also turn the register_globals off in the > configuration file. To access the variables which are posted > you can use the special variables. I have lots of scripts which use $vaname directly. I understand the security issues and will be programming future scripts with $_POST["varname"] in future. But whats wrong in having GET instead of POST? Is there a way by which I can change all the varaiables from $_POST["varname"] to $varname. Any function that can transfer all the variables from _POST to ones without _POST, I do not want to modify all the scripts I have already written with $varname to $_POST["varname"]. > > $_POST["varname"] > > Amitay. > -- Amish K. Munshi In GNU we trust. --===============5965173196738801303==-- From philip@konark.ncst.ernet.in Wed Jan 22 17:15:12 2003 From: Philip S Tellis To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 17:23:02 +0000 Message-ID: In-Reply-To: <20030122094930.GF7497@euler> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5032375679536675137==" --===============5032375679536675137== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On Wed, 22 Jan 2003, Amitay Isaacs wrote: > Generally GET methods can be forged easily by adding query string to > the URL. Whereas POST forging needs a little elaboration. So POST is > the preferred method for sending data. you mean security through obscurity is better than no security at all? and what does forging the url have to do with the fact that he wasn't able to get what was passed? Philip -- In a museum in Havana, there are two skulls of Christopher Columbus, "one when he was a boy and one when he was a man." -- Mark Twain --===============5032375679536675137==-- From philip@konark.ncst.ernet.in Wed Jan 22 17:15:42 2003 From: Philip S Tellis To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Wed, 22 Jan 2003 17:23:31 +0000 Message-ID: In-Reply-To: <20030122100021.GB1190@munshi.dyndns.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============9132033943118911601==" --===============9132033943118911601== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On Wed, 22 Jan 2003, Amish Munshi wrote: > I have lots of scripts which use $vaname directly. I understand > the security issues and will be programming future scripts with what security issues? -- "Being against torture ought to be sort of a bipartisan thing." -- Karl Lehenbauer --===============9132033943118911601==-- From devdas@dvb.homelinux.org Sun Feb 9 11:38:53 2003 From: Devdas Bhagat To: linuxers@mm.ilug-bom.org.in Subject: Re: [ILUG-BOM] PHP and apache 2.0 Date: Sun, 09 Feb 2003 11:41:19 +0000 Message-ID: <20030209114520.A1965@evita.devdas.geek> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7743494797552871422==" --===============7743494797552871422== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On 22/01/03 17:15 +0530, Philip S Tellis wrote: > On Wed, 22 Jan 2003, Amish Munshi wrote: > > > I have lots of scripts which use $vaname directly. I understand > > the security issues and will be programming future scripts with > > what security issues? I believe Amish meant the issues with register_globals = off. Thats like running a Perl CGI without use strict and -wT. Devdas Bhagat --===============7743494797552871422==--