Re: Request to put GNOME Journal onto the gnome.org servers



On Wed, 2005-01-19 at 17:44 -0800, mneptok wrote:
> Jim Hodapp wrote:
> > I am requesting to put the GNOME Journal website onto the gnome.org web
> > servers since we lost our box that we've been hosting it on free of
> > charge up to this point.  We'd host it on a team member's co-lo server,
> > but it can't handle the traffic that we get when we release new
> > editions.  What we require for the site software-wise is the following:
> > 
> > 1) PHP v4.3.x (any PHP 4.3 version will do)
> > 2) textpattern installed (get the latest version from
> > www.textpattern.com)
> > 3) MySQL v4.0.x (any MySQL 4.0 version will do)
> > 
> > That's all we need as far as software goes.  A database called
> > gnomejournal in MySQL would be a good name for the database for
> > textpattern.  Textpattern is the content management system that we use
> > to manage the content of the site.  If you need any more info, please
> > let me know.
> 
> Jim,
> 
> It's hard to tell from a cursory glance at the TP website, forum and 
> source if TextPattern requires register_globals be turned on for 
> PHP. In the interest of my laziness, could you answer this for me?
> 
> Personally, I find register_globals a security risk. There are 
> workarounds for not using it, and if your current host does not 
> support register_globals then said fixes have been applied to your 
> installation of TP.
> 
> Currently the gnome.org PHP installs do not support 
> register_globals. Personally, I'd be hesitant to turn it on. I think 
> before any more discussion takes place it's a good idea to figure 
> out if PHP as-provided at gnome.org will suit your needs. A copy of 
> the php.ini file from your current host would be great.
> 
> One man's opinion here. I don't wear the Final Decision Hat. :)

Since the great 'widget' compromise of last year, PHP was disabled on
the GNOME servers, and would only be re-enabled (on a per-area basis
only) once the PHP code had been evaluated for potential security risks
etc.

Unless the application was written a *long time* ago, the application
will already have been written to use '$_GET/$_POST' etc as it should.
Any competent PHP developer should already know that 'register_globals'
will be off for most production servers in the real world.

For GNOME, 'register_globals' is certainly off and is likely to remain
off until the end of time.

--
Ross
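
The risk discussed in this thread, as an added example that is not part of the original messages and is not Textpattern code. `register_globals` no longer exists in current PHP, so its effect is emulated here with `extract()`; `check_login`, `read_string`, the two page functions and the sample request are hypothetical and constructed for illustration.

```php
<?php
// Constructed request: the client sends an extra "authorized" parameter
// that the application never asked for.
$request = ['user' => 'guest', 'pass' => 'wrong', 'authorized' => '1'];

// Hypothetical credential check standing in for an application's real one.
function check_login(string $user, string $pass): bool
{
    return hash_equals('editor', $user)
        && hash_equals('constructed-sample-password', $pass);
}

// Code written for register_globals=On: every request parameter is already a
// variable when the script body starts, and $authorized is never initialised.
function page_with_register_globals(array $params): string
{
    extract($params); // emulates register_globals=On (assumption of this example)
    if (check_login($user ?? '', $pass ?? '')) {
        $authorized = true;
    }
    // $authorized may have come from the client rather than from the check.
    return !empty($authorized) ? 'admin page' : 'login form';
}

// Helper: read one expected string field from a request array.
function read_string(array $src, string $key): string
{
    return isset($src[$key]) && is_string($src[$key]) ? $src[$key] : '';
}

// Code that works with register_globals=Off: input is read explicitly
// (from $_POST in a web SAPI) and state starts from a known value.
function page_with_superglobals(array $post): string
{
    $authorized = false;
    if (check_login(read_string($post, 'user'), read_string($post, 'pass'))) {
        $authorized = true;
    }
    return $authorized ? 'admin page' : 'login form';
}

// Same request, two coding styles.
echo 'register_globals style: ', page_with_register_globals($request), "\n";
echo 'superglobals style:     ', page_with_superglobals($request), "\n";
```

Code in the second style does not depend on the setting at all, which is why it runs unchanged on a host where `register_globals` is off.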




