Printer Friendly Version Print this thread
Email this thread to a friend eMail this thread to a friend
Featured Web Site Template

Hundreds More at Free Site Templates.com!

Web Site Partners
Sponsored Links
Jet City Software
 
Whos Here ?
There are 0 guests and 1 members in the forums right now.
Reflects user activity within the last 5 minutes
Moderator(s): Prowler, jcokos
Member Message

leelee700
Joined: Oct 09, 2006
# Posts: 50

View the profile for leelee700 Send leelee700 a private message

Posted: 2006-Dec-26 18:25
Edit Message Delete Message Reply to this message

Hi Everyone,

What's the consensus on having register_globals turned on or turned off in PHP5? When writing PHP code, is it better to have them turned on or off?




mj1256
Joined: Jun 05, 2006
# Posts: 911

View the profile for mj1256 Send mj1256 a private message

Posted: 2006-Dec-27 23:07
Edit Message Delete Message Reply to this message

Too vague a question

Are you using a cms system

Off is better for security, but some programs and site components may not work. So you have to weigh the plusses and the minusses



IanK
Joined: Dec 07, 2003
# Posts: 90

View the profile for IanK Send IanK a private message

Posted: 2006-Dec-29 01:49
Edit Message Delete Message Reply to this message

In all cases it is better to have register globals turned off. The only applications that won't work with it off are old, outdated and most likely full of security holes.



Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1788

View the profile for Prowler Send Prowler a private message

Posted: 2007-Jan-12 08:50
Edit Message Delete Message Reply to this message

>> In all cases it is better to have register globals turned off.

I wish life was as simple as that. It is not. There is no clear jury on this yet. It all depends on the individual situation. You can set them 'on' on a directory basis through a .htaccess file as here:



Code: [copy]

IanK
Joined: Dec 07, 2003
# Posts: 90

View the profile for IanK Send IanK a private message

Posted: 2007-Jan-19 23:15
Edit Message Delete Message Reply to this message

It seems to be that it is that simple.

- Turning RG on is purely a convenience, it provides no added functionality.

- Very few applications require RG to be turned on.

- Having RG turned is a security issue.

So unless you have an application which absolutely requires RG to be turned on, and for some reason you can't add the small amount of code needed to cause it to work without RG on, I'd recommend keeping it off.



Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1788

View the profile for Prowler Send Prowler a private message

Posted: 2007-Jan-20 07:42
Edit Message Delete Message Reply to this message

>> Having RG turned is a security issue.
Security is a mindset. Sloppy coding can always result in problems despite the 'best' configuration. Security by obscurity is not one of the best methods.



You are not permitted to post messages in this forum or topic, because of one or more of the following reasons:
  1. You have not yet logged in, or registered properly as a member
  2. You are a member, but no longer have posting rights.
  3. This is a private forum, for which you do not have permissions.

If you are a recent member, it's possible that you simply have not yet confirmed your account. Please check your email for a message entitled 'JimWorld Forums: Confirm Your Account' and follow the instructions contained within.

If you cannot find this message, click here to Re-Send it.

If you are still experiencing problem, please read the Login Assistance Article for some advice on what may be causing your login not to work properly.

Switch to Advanced Editor and ... Create a New Topic or Reply to this Thread

New posts Forum is locked
© 1995  ·  iWeb, Inc  ·  DBA JimWorld Productions