No Support > Announcements
[WARNING] : PHP setting register_globals should be disabled on your server
Abbas Ali:
Having the PHP setting register_globals enabled on your webserver is a bad idea in terms of security. It's strongly recommended to turn it off. If you don't have control over the webserver and therefore can't do that, ask your webhost for support. Most webhosts should be happy to help you turn register_globals "off" because it removes potential security holes in all PHP scripts. In addition, register_globals has been marked a feature to be removed in the next version of PHP and so all scripts need to work with register_globals "off" in the near future. Some webhosts have a simple way to change the register_globals setting on the webhost's control panel. If the webserver is yours to administer (i.e. if you're self-hosting, which the dev team does not recommend), you need to edit php.ini, find the line that starts with register_globals and edit it accordingly. Save your changes and restart the webserver service/daemon.
Do not ask how to turn register_globals off in this thread nor in other threads on this forum, as we don't know how your webserver is set up and therefore can't answer that question. Usually, you are not able to change that in the first place if you're webhosted, but only your webhost can change it for you. The only place to ask for help is your webhost. Older, badly-written scripts may require register_globals to be enabled. Coppermine is not one of those scripts that require register_globals "on". Although Coppermine works with register_globals turned on or off, it is strongly recommended to turn register_globals off.
In general, register_globals set to "on" might result in your site getting hacked!
For technical information about the security implications of register_globals, go to this page (on PHP.net).
Master of Disaster:
I asked my webhoster to turn off register_globals. It would cost me 10 € to change this parameter. Is it worth the 10 €?
isajade:
My webhost replied that it would turn off many securised scripts.
To keep it ON that have many protections, so it's not a problem.
--- Quote ---Mettre en OFF register_globals bloque de nombreux scripts qui sont
pourtant sécurisés.
Afin de permettre de garder la variable ON, nous avons d'autres
protections bien plus efficaces.
Aucun souci donc.
--- End quote ---
:-\
Joachim Müller:
--- Quote from: isajade on June 25, 2009, 07:34:18 pm ---My webhost replied that it would turn off many securised scripts.
--- End quote ---
That's nonsense IMO.
isajade:
Thank you for your reply. My webhost says that I'm perfectly safe with it turned ON.
(sorry his reply is in French)
--- Quote ---Ce n'est pas une fadaise, c'est une réalité. Certains scripts ont besoin
de register_globals.
Malheureusement je ne peux pas la mettre en ON sur le serveur. Sinon de
nombreux clients vont être bloqué.
Nous connaissons l'architecture de nos serveurs et les protections que
nous employons. Un programmeur ne va pas connaitre notre manière de
faire et/ou de protéger les scripts. Mettre en OFF n'est qu'une solution
de facilité.
Chaque client dispose d'un espace cloisonné où les utilisateurs gèrent
leur PHP en toute liberté.
L'ensemble des requêtes est contrôlé et géré pour prévenir un piratage.
Vous ne risquez strictement rien. Je prends la responsabilité pleine de
mes propos.
--- End quote ---
:-[
Navigation
[0] Message Index
[#] Next page
Go to full version