KyanVrezpor Posted June 28, 2005 Posted June 28, 2005 I don't know what your policy is on changing php.ini settings, but I have a request that register_globals be turned "off" for server 103. Hundreds of PHP security guides on the net cite this as one of the main potential PHP security vulnerabilities, and possibly the most reliable source, the PHP Security Consortium, mentions it first in its guide to security risks. http://phpsec.org/projects/guide/1.html One accidental omission of a definition can open up a whole site, and with register_globals off, this isn't discovered until it is too late. Indeed, register_globals is switched off by default in versions of PHP from 4.2 onwards. I hope that this can be effected. Thanks Quote
TCH-Rob Posted June 28, 2005 Posted June 28, 2005 Well, I dont know what they will do in the ticket but you can turn yours off by putting the following in your .htaccess file. php_flag register_globals off Quote
KyanVrezpor Posted June 29, 2005 Author Posted June 29, 2005 Thanks . Where should I put my .htaccess file (I didn't have one to begin with)? Is it OK to have it in the root directory? Quote
TCH-Thomas Posted June 29, 2005 Posted June 29, 2005 It should be placed in your public_html I believe. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.