carbonize Posted December 11, 2009 Posted December 11, 2009 I was just messing about with some code and it told me that register_globals is enabled on my server, matra. Just wondering if this is true and if so why? Last I checked register_globals is disabled by default for extra security. Quote
TCH-Bruce Posted December 11, 2009 Posted December 11, 2009 I'd open a ticket with the help desk. You can always turn it off in the .htaccess file. >php_flag register_globals off Quote
carbonize Posted December 11, 2009 Author Posted December 11, 2009 Thanks have disabled them now. Just seems strange having them enabled. Quote
TCH-Dick Posted December 11, 2009 Posted December 11, 2009 Thanks have disabled them now. Just seems strange having them enabled. This is one of those things we occasional review and have tested a few times over the years. Unfortunately, due to the varying skill levels of site owners and how often they change/update their code, these test have never went well. They have always ended in an overwhelming number of broken sites and angry webmasters. Therefore, we continue to come to the conclusion that disabling register globals by default is just not feasible. With that said, it is my understand that register_globals is being deprecated as of PHP 5.3.0 and will be completely removed in PHP 6. Quote
carbonize Posted December 12, 2009 Author Posted December 12, 2009 Yes you are right in regards to it being removed in PHP 6. I would personally just send all your customers an email saying that you are disabling register globals at a set date and that way they have plenty of time to update their scripts. Most scripts they have obtained would of been updated anyway (hopefully) and possibly contain security fixes. If it's their own script then they need to get off their backsides and fix them anyway. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.