Form Tools
configuration setting - Printable Version

+- Form Tools (https://forums.formtools.org)
+-- Forum: Form Tools (https://forums.formtools.org/forumdisplay.php?fid=1)
+--- Forum: Installation (https://forums.formtools.org/forumdisplay.php?fid=4)
+--- Thread: configuration setting (/showthread.php?tid=651)



configuration setting - marcat - Apr 13th, 2010

I am setting up FT for our production environment and need to know what the following setting is for? We want our installation to be as secure as possible and this setting makes me feel a bit uneasy...

/**
* This setting should be enabled PRIOR to including this file in any external script (e.g. the API)
* that doesn't require the person to be logged into Form Tools. This lets you leverage the Form Tools
* functionality in the outside world without already being logged into Form Tools.
*/
$g_check_ft_sessions = (isset($g_check_ft_sessions)) ? $g_check_ft_sessions : true;

Should I set this to false to keep the "outside world" away?


RE: configuration setting - martin_undefined - Apr 15th, 2010

Hi,

Until someone more knowledgeable comes along, I'd say that this isn't something to be concerned about.

I think the code quoted is simply checking if an FT session exists which as you read the documentation you'll see is a core thing to the whole process.

Martin

(Apr 13th, 2010, 8:56 AM)marcat Wrote: I am setting up FT for our production environment and need to know what the following setting is for? We want our installation to be as secure as possible and this setting makes me feel a bit uneasy...

/**
* This setting should be enabled PRIOR to including this file in any external script (e.g. the API)
* that doesn't require the person to be logged into Form Tools. This lets you leverage the Form Tools
* functionality in the outside world without already being logged into Form Tools.
*/
$g_check_ft_sessions = (isset($g_check_ft_sessions)) ? $g_check_ft_sessions : true;

Should I set this to false to keep the "outside world" away?



RE: configuration setting - Ben - Apr 18th, 2010

Hey Marcat,

No, it's nothing to worry about. The only way that setting could be subverted would be if a malicious PHP script is already running on your server, in which you have FAR bigger problems to contend with. Alternatively, if you have the PHP register_globals setting enabled (which is getting pretty rare these days and should NEVER be enabled!). But even then, it wouldn't allow anyone to get access to anything - the script just wouldn't work from a web browser.

As Martin noted, it's really just a way for the API to access some functionality.

Good question though.

- Ben


RE: configuration setting - marcat - Apr 19th, 2010

Great! Thanks for the clarification...


RE: configuration setting - melmando - Oct 28th, 2020

Hi everyone, if I have erectile dysfunction problems, I use a proven method, namely visiting the website https://indiacialis.com/india...viagra-soft/. Here I find the best quality medicines for potency. Have a good time and I wish you good health!


RE: configuration setting - CharlesMcGinnis - Mar 9th, 2021

Protection of the environment is our responsibility and we should keep it clean. If the around area clean, we able to prevent ourselves from various diseases. Thumbs up with your tremendous essay writing service recommendations and we all should educate others.


RE: configuration setting - Daniel_Davis - May 26th, 2021

Thank you for advertising your service. I think he will help many students, but personally I think that it is better to understand everything on your own so that you can then go to a good university where you will need this knowledge and save money. I recommend for those who want to figure out on their own how to do their homework, use instagram, there you can find many posts in which experienced teachers show and tell how to do homework in any subject and there is always the opportunity to ask them questions in the comments. I noticed that many of these posts were posted on accounts that have about 28 thousand subscribers! I'm sure their owners used the services of https://viplikes.net/buy-instagram-followers to cheat their quantity.