"Should I set register_globals to ON in PHP?" saith the newbie.
"Should I set register_globals to ON in PHP?" I would like to install a weblog for my website. I found this weblog: http://somery.danwa.net/ I would like to install it but it requires register_globals to be set to ON. Currently register_globals is set to OFF. I don't know the significance of this - can someone advise if this is a bad idea / security problem? If not a problem where do I set the register_globals to ON? How do I do that. Thanks in advance. Dan
"Should I set register_globals to ON in PHP?"
I would like to install a weblog for my website. I found this weblog: http://somery.danwa.net/ I would like to install it but it requires register_globals to be set to ON. Currently register_globals is set to OFF. I don't know the significance of this - can someone advise if this is a bad idea / security problem? If not a problem where do I set the register_globals to ON? How do I do that.
Yes, it is a big security problem. http://www.php.net/manual/en/security.registerglobals.php Basically means that anyone can introduce variables into your script. E.g. if someone calls http://www.mysite.com/myscript.php?debug=1 then your script has a new global variable $debug which is set to 1, if register_globals was off, the only way this could be accessed is with $_GET{'debug'} or $_REQUEST{'debug'}. You can set register_globals = On on a per directory basis with .htaccess files. Here is a google search on the subject: http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=php+.htaccess+register_globals I highly recommend against setting register_globals=On globally in php.ini though. Email the makers of that weblog and tell them to write their program with register_globals=Off. Josh
participants (2)
-
Dan Eskildsen
-
Josh Trutwin