Flaming registered globals

I run a number of web sites on a relatively cheap hosting service called Dataflame.  My current bandwidth doesn’t let me run sites particularly well from home (just yet anyway), and the technical issues I’ve had sometimes have been infuriating, but for the price, I think the service is probably quite reasonable.

I use a lot of PHP based systems on the sites and they typically complain about the register_globals configuration being set on.  Now from a compatibility point of view for some of the older PHP applications this is great, but for security this isn’t so hot.

I’m literally just in the process of entirely rewriting one site onto a new CMS and I thought I’d have a look into this little issue a bit further (without contacting tech support who were distinctly unhelpful when I contacted them yesterday and in the end I had to speak to the billing department to get a database back - go figure!).

The solution it seems was simple.  I put a php.ini file in my root directory (actually "/public_html" for Dataflame sites) with one line in it:

register_globals = false

From what I understand this works for the majority of web hosts, and I just wanted to share this with all the other Dataflame users out there.

Author: Stephen Millard
Tags: | web |

Buy me a coffeeBuy me a coffee

Related posts that you may also like to read