The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

register_globals off - bad advice

Discussion in 'General Discussion' started by pingo, Sep 12, 2003.

  1. pingo

    pingo Well-Known Member

    Joined:
    Nov 16, 2002
    Messages:
    430
    Likes Received:
    0
    Trophy Points:
    16
    I'll never do that again. I were adviced to do it for security reasons and just woke up to a flood of complaints from angry customers whose php scripts didn't work. Had to issue refunds and lost one customer. Is anyone using this here and if so is there an easy fix for this problem in customers scripts. I would prefer the increased security.

    Thanks
    John

    cPanel.net Support Ticket Number:
     
  2. efeito

    efeito Well-Known Member
    PartnerNOC

    Joined:
    Jul 24, 2003
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    .pt
    You set register_globals off?

    Your customer can set them on for ther scripts.

    Just put a .htaccess file on the folder the script is, and write only this

    "php_flag register_globals off"

    It works for me.

    cPanel.net Support Ticket Number:
     
  3. pingo

    pingo Well-Known Member

    Joined:
    Nov 16, 2002
    Messages:
    430
    Likes Received:
    0
    Trophy Points:
    16
    So they can set it to on in their scripts? But I don't think that I would advice them to fix the problem thIS way:

    From the php.ini file:

    You should do your best to write your scripts so that they not require register_globals to be on; Using form variables as globals can easily lead to possible security problems, if the code is not very well thought of.

    John

    cPanel.net Support Ticket Number:
     
  4. efeito

    efeito Well-Known Member
    PartnerNOC

    Joined:
    Jul 24, 2003
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    .pt
    Well this is your way of see the things. I was just saying that if you do want to turn them off, your customers cant complain. They can turn them on, so they cant complain or ask for refund.

    But, was just a hint. Its your decision :)

    cPanel.net Support Ticket Number:
     
  5. pingo

    pingo Well-Known Member

    Joined:
    Nov 16, 2002
    Messages:
    430
    Likes Received:
    0
    Trophy Points:
    16
    Oh, :) so this is an easy way to deal with it for those who experience problems. I were, however, a bit surprised that enabling it is possible when it has been disabled in the php.ini file.

    John

    cPanel.net Support Ticket Number:
     
  6. JPmorgan

    JPmorgan BANNED

    Joined:
    Aug 19, 2003
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    Well if you did that without testing or making sure those who needed register globals OFF for their sites, instead of ON, it serves you right. Next time you may not be so hesitant to mess with the system setup without knowing what your doing. Don't make changes like that just because you read about it.

    cPanel.net Support Ticket Number:
     
    #6 JPmorgan, Sep 12, 2003
    Last edited: Sep 12, 2003
  7. pingo

    pingo Well-Known Member

    Joined:
    Nov 16, 2002
    Messages:
    430
    Likes Received:
    0
    Trophy Points:
    16
    Yes dad - heh, just kidding :) - you told me what I already knew.

    John

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page