Flaming registered globals14 Sep 2008
I run a number of web sites on a relatively cheap hosting service called Dataflame. My current bandwidth doesn’t let me run sites particularly well from home (just yet anyway), and the technical issues I’ve had sometimes have been infuriating, but for the price, I think the service is probably quite reasonable.
I use a lot of PHP based systems on the sites and they typically
complain about the
register_globals configuration being set on. Now
from a compatibility point of view for some of the older PHP
applications this is great, but for security this isn’t so hot.
I’m literally just in the process of entirely rewriting one site onto a new CMS and I thought I’d have a look into this little issue a bit further (without contacting tech support who were distinctly unhelpful when I contacted them yesterday and in the end I had to speak to the billing department to get a database back - go figure!).
The solution it seems was simple. I put a
php.ini file in my root
"/public_html" for Dataflame sites) with one line
register_globals = false
From what I understand this works for the majority of web hosts, and I just wanted to share this with all the other Dataflame users out there.