Flaming registered globals
14 Sep 2008I run a number of web sites on a relatively cheap hosting service called Dataflame. My current bandwidth doesn’t let me run sites particularly well from home (just yet anyway), and the technical issues I’ve had sometimes have been infuriating, but for the price, I think the service is probably quite reasonable.
I use a lot of PHP based systems on the sites and they typically
complain about the register_globals
configuration being set on. Now
from a compatibility point of view for some of the older PHP
applications this is great, but for security this isn’t so hot.
I’m literally just in the process of entirely rewriting one site onto a new CMS and I thought I’d have a look into this little issue a bit further (without contacting tech support who were distinctly unhelpful when I contacted them yesterday and in the end I had to speak to the billing department to get a database back - go figure!).
The solution it seems was simple. I put a php.ini
file in my root
directory (actually "/public_html"
for Dataflame sites) with one line
in it:
register_globals = false
From what I understand this works for the majority of web hosts, and I just wanted to share this with all the other Dataflame users out there.