Web Hosting Forums

Results 1 to 12 of 12

This is a discussion on Hem 4 in the Hosting Talk & Chit-chat forum
http://wordpress.org/support/topic/41464 Have we got the php register_globals turned off?. ...

  1. #1
    JPC Member
    Join Date
    Aug 2006
    Posts
    0

    Exclamation Security risk?

    http://wordpress.org/support/topic/41464

    Have we got the php register_globals turned off?.

  2. #2
    JPC Member
    Join Date
    Sep 2006
    Posts
    0
    You can check for your server by using the following PHP code.

    <?php
    phpinfo();
    ?>

    Look in the PHP configuration section for the register_globals setting.

    On my server, it is on.

  3. #3
    DEHE PR manager imported_Robert's Avatar
    Join Date
    Jun 2005
    Posts
    0
    Quote Originally Posted by rosanegra
    http://wordpress.org/support/topic/41464

    Have we got the php register_globals turned off?.
    This is not a security riks. A script is secure or insecure and it has nothing to do with register_globals. Apparently, if you disable this, you will not be able to do _some_ things with php
    Robert McGregor
    PR manager

    DEHE.com - Definition of Hosting Experts

  4. #4
    JPC Member
    Join Date
    Sep 2006
    Posts
    0
    The register_globals setting is by default set to off in the initial PHP installation. Even the php.net site recommends it to be off based on PHP community feedback. See the below link.

    http://my2.php.net/register_globals

    I don't know much about this, but many articles I have read all say that it should be off. However, I don't know what things can't be done in PHP with this setting turned off.

  5. #5
    Loyal Client
    Join Date
    Apr 2006
    Posts
    19
    register_globals isnt a security risk, poorly coded scripts are.

  6. #6
    JPC Member
    Join Date
    Sep 2006
    Posts
    0
    That may be true, and if you run your own server and code your own scripts, you can ensure that.

    However, if you are on a shared server with hundreds of other clients, you have no control over how others code their scripts. If those scripts are not secure and can be exploited and causes server instability, you will be affected too, no matter how securely you code your own scripts.

  7. #7
    ben
    ben is offline
    JPC Member
    Join Date
    Dec 2005
    Posts
    0
    It is registered on, on my server as well.

    Personally, I prefer it to be set to off, especially as this is now standard in new installs of php. Is it possible to set it to off just for my webspace?

    Thanks

  8. #8
    Loyal Client
    Join Date
    Jul 2005
    Location
    New York
    Posts
    45
    Yup, using htaccess you can turn registrar_globals off for your space:
    Code:
    php_flag register_globals off
    I usually turn it off myself because unless you need it on, it's just one more layer that you can be exploited through.

  9. #9
    JPC Member
    Join Date
    Aug 2006
    Posts
    0
    Quote Originally Posted by Bleu Unicorn
    Yup, using htaccess you can turn registrar_globals off for your space:
    Code:
    php_flag register_globals off
    Doesn't this give you a Server Error 500 with your server?

    Blue4

  10. #10
    Loyal Client
    Join Date
    Jul 2005
    Location
    New York
    Posts
    45
    Hunh, you're right it does. LOL!
    I had taken it out of my htaccess awhile back before I moved my site here when I tried to install phpFanBase, I guess I never thought to try to put that back in and test it.

    Well, guess my advice is moot. Sorry!

  11. #11
    Unregistered
    Guest

    Hem 4

    Hello,

    If I purchase the Starter Package (Windows) will DEHE install the Helm 4 Beta for me?

    How long can I expect to get everything setup?

  12. #12
    Loyal Client
    Join Date
    Dec 2005
    Location
    Netherlands
    Posts
    120
    Hello,

    Setup time is about 12-24 hrs after order.

    I think they can install Helm 4 Beta for you, but some one from DEHE will answer it for you.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •