hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Should register_globals be on or off by default?
Reply

Forum Jump

Should register_globals be on or off by default?

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Newbie
 
Join Date: Feb 2008
Posts: 24

Should register_globals be on or off by default?


I had a third party company do the hardening on my server and the register_globals are set to on by default. Isn't it more secure to have that set to off instead of on? Or does it not matter?

(My server has cPanel/WHM/Fantastico installed, if that makes any difference.)

Just wondering as couldn't find much on Google about this.



Sponsored Links
  #2  
Old
Junior Guru
 
Join Date: Oct 2010
Location: Iraq
Posts: 192
http://docs.cpanel.net/twiki/bin/vie...WHMDocs/PhpIni

according to cpanel Documentation and most online tutorials yes it should be off for better security.

Highest Regards
Mohammed H

__________________
www.xsltel.com
Simplest way to host your website

  #3  
Old
Temporarily Suspended
 
Join Date: Feb 2004
Location: UK
Posts: 1,429
Hi

If you run suphp then you/your clients can enable it via there own php.ini. but by default it should be off for security reasons.

Thanks

Sponsored Links
  #4  
Old
Web Hosting Master
 
Join Date: Jul 2009
Posts: 1,568
It should be set to Off for security reasons.

__________________
| LinuxHostingSupport.net
| Server Setup | Security | Optimization | Troubleshooting | Server Migration
| Monthly and Task basis services.
| MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  #5  
Old
Just me
 
Join Date: Sep 2002
Location: Among the corn
Posts: 10,533
Globals are deprecated in 5.3, meaning they're going out the door.
Get your sites ready for the future now

  #6  
Old
Newbie
 
Join Date: Jul 2011
Location: Michigan
Posts: 20
Quote:
Originally Posted by linux-tech View Post
Globals are deprecated in 5.3, meaning they're going out the door.
Get your sites ready for the future now
Beat me to it, I personally liked globals but they were open to security issues.

There are smart ways around using register_globals look into foreach $_GET/$_POST

  #7  
Old
Newbie
 
Join Date: Feb 2008
Posts: 24
Thanks guys! I'm still learning.

I'm going to have them set to off. I'm just worried about any existing web sites that might be using them that will stop functioning. Any suggestions on how to find these before I made the change? I could then add a custom php.ini file in their public_html directory to keep them on for those specific sites. I have a lot of older clients on the server that go back to 1995 (I acquired a friend's clients when he went out of business).

Thanks again for any tips!

Selene

  #8  
Old
Community Liaison 2.0
 
Join Date: Feb 2005
Location: Australia
Posts: 5,825
The best reason for turning register_globals off is that it will disable those ancient, insecure scripts that need it switched on. The right thing to do next is to upgrade these broken scripts to current versions or replace them with something newer and better.

If you must keep the old scripts running (whether by enabling register_globals on a per-site basis or by editing the scripts themselves) then at least make sure you're running suPHP so when they get exploited you have a chance of limiting the damage to a single account.

__________________
Chris

"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
How on register_globals yazdboy Programming Discussion 12 09-09-2010 02:02 AM
register_globals xcharlz Ecommerce Hosting & Discussion 2 02-10-2010 10:22 AM
Register_globals, what is this? Postmaster Web Hosting 7 04-30-2004 07:14 PM
register_globals VNPIXEL Hosting Security and Technology 3 03-16-2003 05:23 AM
Setting default.asp a default in .htaccess skymedia Dedicated Server 2 10-13-2001 07:33 AM

Related posts from TheWhir.com
Title Type Date Posted
Upcoming WHIR Webinar: How Best Practices Can Help Make Children - and Your Hosting Company - Safer Blog 2014-04-09 11:45:43
Cloud Provider DigitalOcean Updates Code Base to Address Security Concern Web Hosting News 2013-12-31 10:34:04
Mozilla Firefox 23 Will Block Mix SSL Content by Default Web Hosting News 2013-04-12 11:39:07
CIO New York Summit 2013 Web Hosting Events 2013-03-27 19:48:29
CIO Summit 2013 Web Hosting Events 2013-03-05 18:08:59


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?