hosted by liquidweb

Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Should register_globals be on or off by default?

Forum Jump

Should register_globals be on or off by default?

Reply Post New Thread In Hosting Security and Technology Subscription
Send news tip View All Posts Thread Tools Search this Thread Display Modes
Join Date: Feb 2008
Posts: 24

Should register_globals be on or off by default?

I had a third party company do the hardening on my server and the register_globals are set to on by default. Isn't it more secure to have that set to off instead of on? Or does it not matter?

(My server has cPanel/WHM/Fantastico installed, if that makes any difference.)

Just wondering as couldn't find much on Google about this.

Sponsored Links
Junior Guru
Join Date: Oct 2010
Location: Iraq
Posts: 207

according to cpanel Documentation and most online tutorials yes it should be off for better security.

Highest Regards
Mohammed H

Simplest way to host your website

Temporarily Suspended
Join Date: Feb 2004
Location: UK
Posts: 1,429

If you run suphp then you/your clients can enable it via there own php.ini. but by default it should be off for security reasons.


Sponsored Links
Web Hosting Master
Join Date: Jul 2009
Posts: 1,568
It should be set to Off for security reasons.

| Server Setup | Security | Optimization | Troubleshooting | Server Migration
| Monthly and Task basis services.
| MSN : madaboutlinux[at] | Skype : madaboutlinux

Just me
Join Date: Sep 2002
Location: Among the corn
Posts: 10,591
Globals are deprecated in 5.3, meaning they're going out the door.
Get your sites ready for the future now

Join Date: Jul 2011
Location: Michigan
Posts: 20
Originally Posted by linux-tech View Post
Globals are deprecated in 5.3, meaning they're going out the door.
Get your sites ready for the future now
Beat me to it, I personally liked globals but they were open to security issues.

There are smart ways around using register_globals look into foreach $_GET/$_POST

Join Date: Feb 2008
Posts: 24
Thanks guys! I'm still learning.

I'm going to have them set to off. I'm just worried about any existing web sites that might be using them that will stop functioning. Any suggestions on how to find these before I made the change? I could then add a custom php.ini file in their public_html directory to keep them on for those specific sites. I have a lot of older clients on the server that go back to 1995 (I acquired a friend's clients when he went out of business).

Thanks again for any tips!


Community Liaison 2.0
Join Date: Feb 2005
Location: Australia
Posts: 5,833
The best reason for turning register_globals off is that it will disable those ancient, insecure scripts that need it switched on. The right thing to do next is to upgrade these broken scripts to current versions or replace them with something newer and better.

If you must keep the old scripts running (whether by enabling register_globals on a per-site basis or by editing the scripts themselves) then at least make sure you're running suPHP so when they get exploited you have a chance of limiting the damage to a single account.


"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter


Similar Threads
Thread Thread Starter Forum Replies Last Post
How on register_globals yazdboy Programming Discussion 12 09-09-2010 02:02 AM
register_globals xcharlz Ecommerce Hosting & Discussion 2 02-10-2010 10:22 AM
Register_globals, what is this? Postmaster Web Hosting 7 04-30-2004 07:14 PM
register_globals VNPIXEL Hosting Security and Technology 3 03-16-2003 05:23 AM
Setting default.asp a default in .htaccess skymedia Dedicated Server 2 10-13-2001 07:33 AM

Related posts from
Title Type Date Posted
What is .HOST and How Can You Get One? Join the WHIR Webinar to Find Out! Blog 2014-09-04 14:35:42
Upcoming WHIR Webinar: How Best Practices Can Help Make Children - and Your Hosting Company - Safer Blog 2014-04-09 11:45:43
Cloud Provider DigitalOcean Updates Code Base to Address Security Concern Web Hosting News 2013-12-31 10:34:04
Register for Free WHIR Webinar on New gTLDs with LogicBoxes Blog 2013-12-10 14:48:48
Mozilla Firefox 23 Will Block Mix SSL Content by Default Web Hosting News 2013-04-12 11:39:07

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Log in with your username and password

Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Web Hosting News:
WHT Membership
WHT Membership



Welcome to

Create your username to jump into the discussion! is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.

(4 digit year)

Already a member?