  1. #1

    Should register_globals be on or off by default?

    I had a third party company do the hardening on my server and the register_globals are set to on by default. Isn't it more secure to have that set to off instead of on? Or does it not matter?

    (My server has cPanel/WHM/Fantastico installed, if that makes any difference.)

    Just wondering, as I couldn't find much on Google about this.

  2. #2
    Join Date
    Oct 2010

    According to the cPanel documentation and most online tutorials, yes, it should be off for better security.

    Highest Regards
    Mohammed H

  3. #3
    Join Date
    Feb 2004

    If you run suPHP then you/your clients can enable it via their own php.ini, but by default it should be off for security reasons.


  4. #4
    It should be set to Off for security reasons.

  5. #5
    Join Date
    Sep 2002
    Top Secret
    Globals are deprecated in 5.3, meaning they're going out the door.
    Get your sites ready for the future now

  6. #6
    Join Date
    Jul 2011
    Quote: Originally posted by linux-tech
    Globals are deprecated in 5.3, meaning they're going out the door.
    Get your sites ready for the future now
    Beat me to it. I personally liked globals, but they were open to security issues.

    There are smart ways around using register_globals: look into foreach $_GET/$_POST.

  7. #7
    Thanks guys! I'm still learning.

    I'm going to have them set to off. I'm just worried about any existing web sites that might be using them that will stop functioning. Any suggestions on how to find these before I make the change? I could then add a custom php.ini file in their public_html directory to keep them on for those specific sites. I have a lot of older clients on the server that go back to 1995 (I acquired a friend's clients when he went out of business).

    Thanks again for any tips!


  8. #8
    Join Date
    Feb 2005
    The best reason for turning register_globals off is that it will disable those ancient, insecure scripts that need it switched on. The right thing to do next is to upgrade these broken scripts to current versions or replace them with something newer and better.

    If you must keep the old scripts running (whether by enabling register_globals on a per-site basis or by editing the scripts themselves) then at least make sure you're running suPHP so when they get exploited you have a chance of limiting the damage to a single account.

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
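
An added example, not part of any post in this thread: once the server-wide default is Off, the per-site php.ini overrides mentioned in posts #3 and #7 are the remaining places where register_globals can still be on, and this script lists them so they can be tracked and retired. It assumes the cPanel-style layout `<root>/<account>/public_html`; the function names `rg_setting` and `find_rg_overrides` are made up for illustration.

```shell
#!/bin/sh
# Added example: inventory per-site php.ini files that turn register_globals on.
# Assumption: docroots live at <root>/<account>/public_html (cPanel-style layout).

# Print the effective register_globals value of one php.ini: on, off or unset.
# The last uncommented assignment in the file wins.
rg_setting() {
    awk '
        {
            line = $0
            sub(/;.*$/, "", line)                    # drop ";" comments
            if (line ~ /^[ \t]*register_globals[ \t]*=/) {
                sub(/^[^=]*=[ \t]*/, "", line)       # keep the value only
                gsub(/[ \t\r"]/, "", line)           # strip blanks and quotes
                val = (tolower(line) ~ /^(on|1|true|yes)$/) ? "on" : "off"
            }
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Print every php.ini below <root>/*/public_html that enables register_globals.
find_rg_overrides() {
    root=${1:-/home}
    find "$root"/*/public_html -type f -name php.ini 2>/dev/null | sort |
    while IFS= read -r ini; do
        if [ "$(rg_setting "$ini")" = "on" ]; then
            printf '%s\n' "$ini"
        fi
    done
    return 0
}

# Usage on the server (as root): find_rg_overrides /home
```

Each path printed is a site still running with register_globals on, which is the list of scripts to upgrade or replace as post #8 recommends.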
