Xoops security


Levi
05-03-2006, 00:26
This is what the security advisor on the portal tells me...

'register_globals' : on Not secure
This setting invites a variety of injecting attacks.
If you can put .htaccess, edit or create...

/home/eydinfo/public_html/.htaccess

php_flag register_globals off

'allow_url_fopen' : on Not secure
This setting allows attackers to execute arbitrary scripts on remote servers.
Only administrator can change this option.
If you are an admin, edit php.ini or httpd.conf.
Sample of httpd.conf:
php_admin_flag allow_url_fopen off
Else, claim it to your administrators.

'session.use_trans_sid' : on Not secure
Your Session ID will be displayed in anchor tags etc.
For preventing from session hi-jacking, add a line into .htaccess in XOOPS_ROOT_PATH.
php_flag session.use_trans_sid off

How do I fix this? And can it be fixed at all?
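A small audit script, added here as an example (it is not from the thread, from XOOPS or from the portal's advisor), that reads a php.ini-style file and reports the three directives the advisor flags, with the `php_flag ... off` remediation the advisor quotes. The ini fragment it checks is constructed for the demo and its values are assumptions.

```shell
#!/bin/sh
# Constructed sample php.ini fragment (assumed values, not a real server's config).
SAMPLE_INI="$(mktemp)"
trap 'rm -f "$SAMPLE_INI"' EXIT
cat > "$SAMPLE_INI" <<'EOF'
; constructed sample
register_globals = On
allow_url_fopen = On  ; trailing comment, must be ignored
;session.use_trans_sid = 0
session.use_trans_sid = 1
display_errors = Off
EOF

# Normalise a PHP boolean (On/Off, 1/0, true/false, yes/no) to "on" or "off".
php_bool() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' \t"')" in
    on|1|true|yes) echo on ;;
    *) echo off ;;
  esac
}

# Print the effective value of directive $2 in ini file $1 ("unset" if absent).
# Lines starting with ';' are comments; the last assignment wins, as in PHP.
ini_value() {
  val=$(grep -iE "^[[:space:]]*$2[[:space:]]*=" "$1" | tail -n 1 \
        | sed 's/;.*//' | cut -d= -f2-)
  [ -z "$val" ] && { echo unset; return; }
  php_bool "$val"
}

# Report each flagged directive; return the number found "on" (0 = all clear).
audit_ini() {
  insecure=0
  for d in register_globals allow_url_fopen session.use_trans_sid; do
    v=$(ini_value "$1" "$d")
    if [ "$v" = on ]; then
      echo "$d = on  NOT SECURE  (fix: php_flag $d off in .htaccess or php.ini)"
      insecure=$((insecure + 1))
    else
      echo "$d = $v  ok"
    fi
  done
  return $insecure
}
```

Run it as `audit_ini /path/to/php.ini`; the exit status is the count of insecure directives, so it can gate a deployment check.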

administrator
05-03-2006, 01:23
Yes, that is a problem, because a lot of applications require register_globals ON, while it is actually safer to have it OFF.

We are just setting up a new server on which globals will be exclusively OFF, so if you agree, in about 5-6 days we would move you to that server.

Regards, SC

Levi
05-03-2006, 01:31
OK. Put a notice somewhere on the forum so I don't forget by then.

administrator
05-03-2006, 01:33
Certainly.

Regards, SC

Ivek
10-09-2006, 15:15
In Joomla, when upgrading to 1.0.11, it also says it is better to have register_globals off:

Following PHP Server Settings are not optimal for Security and it is recommended to change them:

* PHP register_globals setting is `ON` instead of `OFF`