Joomla 1.0.11 security


I have installed Joomla 1.0.11 as a ‘one button’ install on my site. In the admin I am getting the security warning: "PHP magic_quotes_gpc setting is OFF instead of ON "
I searched for the fix some months ago when I 1st thought about changing from Mambo to Joomla… found some stuff, none of which worked.

Has anyone found a working easy, understandable (for a nub) way of doing this please???

The easiest way I know to deal with it is to use your own copy of php.ini, with the appropriate settings made, and your own instance of DH’s pre-comiled PHP5. How to doe this is generally described in the Dreamhost wiki article on php.ini, though the article talks about change the max file upload size, you can use the same procedure/process to change the magic_quotes setting.

There are several thread s in the forum that also discuss this, and show users successfully working through it.

Understand that Dreamhost allows you to run either a default php4 or php5 installation (you can also comile your own version, but that is generally outside the “noob” realm :wink: ) and either of the pre-compiled choices have some setting Joonla! 1.0.11 reports as being “less than optimal”.

Php4 on Dreamhost runs with register_globals = on while PHP5 turns off register globals (which is good), but has the magic_quotes issue. Neither of these problems are, in and of themselves, necessarily a security risk - whether the risk is there all depends on how the application is coded. The “core” Joomla! 1.0.11 is well enough coded that these are not major issues - the problem lies in the wildly varying quality of the available Joomla! components and add-on modules. The Joomla! dev team correctly encourages you to set things as tightly as possible, hopefully covering some of the problems that can be introduced by poorly coded components.

It is all a trade off - and whether you find the effort worth taking depends upon the components in use and your comfort level in making the suggested changes.

All that said, you might find this previous thread on Joomla! Security (and customizing the php.ini file) useful.