|
#1
07-19-2004, 04:29 PM
|
|||
|
|||
Why is the register_globals=on
When it has been clearly established that is open up security vulnerabilities ??? It even comes OFF by default on all PHP versions now .. then why leave it on ??? 
|
|
#3
07-21-2004, 11:24 PM
|
||||
|
||||
|
I will speak to Brent about this and see what can be done.
|
|
#6
07-22-2004, 06:16 PM
|
|||
|
|||
|
There are even bigger problems with register_globals = on ... like account susceptible to hack attacks on php scripts ... So its a simple pick ... Fix your scripts, Get Updated versions OR ... be susceptible to attacks on your websites ... allowing people complete access to your accounts .... i mean ... it doesnt take rocket science to put 2 and 2 together.
|
|
#7
07-23-2004, 12:59 AM
|
||||
|
||||
|
Ok, the general consensus is that if we were default this to OFF, we would see a rapid increase in support emails and forum posts from people asking why their scripts stopped working.
We can't please everyone, so instead what we try to do is please the majority, and from what I'm hearing, the majority of people require this to be ON. Also, as sonic mentioned, you do have the option to disable this using an .htaccess file.
|
|
#8
07-23-2004, 07:25 PM
|
|||
|
|||
|
Ok. I don't want to cause trouble to other people... just want to solve mine...
 In order to set it OFF, I added... php_flag register_globals 0 ... in my .htaccess. But now I get a 500 Internal server error: "The server encountered an internal error or misconfiguration and was unable to complete your request". Any idea about how to solve this problem?! Thanks!!
|
|
#9
07-23-2004, 07:39 PM
|
||||
|
||||
|
I would think that "0" would work, but try it with "off" instead...
php_flag register_globals off
|
|
#11
07-28-2004, 01:38 AM
|
|||
|
|||
|
Hi,
Jutin and sonic, thanks for the help. Just in case, I've already tried both options (0 and off), but the 500 error continued. So, I tried to set it to 1 (ON), and the 500 error continues... So, my guess is that I don't have permission to have a .htaccess file. Is that possible?! Before I ask support about this, does anyone else have a .htaccess file (changing the register_globals) working?! Thanks!!!
|
|
#12
07-28-2004, 01:43 AM
|
|||
|
|||
|
No ... you do have permissions to a .htaccess file .. are you sure you named it correct ?? Windows will not let you name the file starting with a "." therefore you have to rename it AFTER you upload it.
theoratically .. .htaccess files can be used inside ANY folder of your public_html .... but puttin it on the home directory is a good idea. I am myself using .htaccess to hide PHP Sessid ... and it seems to be working like a charm. Do check your settings and file name.
|
|
#14
07-28-2004, 02:11 AM
|
|||
|
|||
|
Hi Archertech,
Thanks for you help! The .htaccess file was fine. But it was not in my home directory. Based on your comment, I edited the .htaccess file that was at my home directory (I haven't noticed I had one there before...  ), adding the line:php_value register_globals 0 But the 500 error happened again... when I remove this line, it works fine (no error). So the problem really seems to be when I try to change the php_flag... Any suggestions?!
|
 |
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [Open] Using Godaddy Domain reseller account with autopilot? | magicman | Shared Hosting Support | 4 | 08-04-2004 10:39 AM |
| [Open] Backing up MySql database | ravigsc | Shared Hosting Support | 0 | 07-06-2004 08:39 AM |
| [Open] Transfer | sgcom | Shared Hosting Support | 2 | 07-03-2004 11:03 PM |
| [Open] Statistics | toddmedia | Pre-Sales Questions | 6 | 06-30-2004 04:09 PM |
All times are GMT -5. The time now is 08:39 PM.