twalls Posted June 29, 2004 Posted June 29, 2004 What is the definitive position on OScommerce regarding Register Globals. ISP is UK2NET who has Register Globals Off and will not turn it on. I believe my only option is to: 1) Move to new ISP who can do above (suggestions please). 2) Wait for MS3 Thanks
djs Posted June 29, 2004 Posted June 29, 2004 Hi Tony Please try the search function for this, there are many answers to this question. I'll save you a bit of trouble for now though, simply add: php_value register_globals 1 to your .htaccess file. If your ISP permits it, this will enable globals on your site. This usually solves this problem. Dan Dan Stevens
soccercheese Posted June 29, 2004 Posted June 29, 2004 There is also a contirbution that shows you how to turn off Register Globals. Search for it at contributions.
peterr Posted July 7, 2004 Posted July 7, 2004 Dan, php_value register_globals 1 to your .htaccess file. If your ISP permits it, this will enable globals on your site. This usually solves this problem. Turning register globals "on" is considered a security risk, so modifying .htaccess as above does solve the problem, but apparently will also assist hackers. Peter
mattice Posted July 7, 2004 Posted July 7, 2004 Dan, php_value register_globals 1 to your .htaccess file. If your ISP permits it, this will enable globals on your site. This usually solves this problem. Turning register globals "on" is considered a security risk, so modifying .htaccess as above does solve the problem, but apparently will also assist hackers. Peter 1) register_globals on only is a security risk with sloppy code osCommerce does not have any problems with it as all input / output is properly checked for manipulation 2) chances are your host will not allow you to set register_globals on through .htaccess. I'd move host opposed to use hacks to make it work. Regards Matthijs "Politics is the art of preventing people from taking part in affairs which properly concern them"
peterr Posted July 7, 2004 Posted July 7, 2004 Hi Matthijs, 1) register_globals on only is a security risk with sloppy code osCommerce does not have any problems with it as all input / output is properly checked for manipulation Okay, well considering the number of posts you have here, I'll take that as 'gospel'. I honestly have no idea on these matters, but when a "Sitepoint guru' tells me it should be turned off, then I start to wonder if the osCommerce sites i support are "safe". However, you have now assured me that they are, thanks. Obviously the Sitepoint advice was in general terms. 2) chances are your host will not allow you to set register_globals on through .htaccess. It's actually set as local and master values as "on" now, and after being 'informed' of the risk, I was asking here, to see if I need to turn it off. After reading your reply, I will not bother now. Hmm, what about the (albeit few) PHP files I have added to osCommerce, or the osC code that I modify. What particular things do I need to be aware of please. Thanks, :) Peter PS As a 'sidenote', a person did try and pass an IP address to product_info.php the other day, in the hope of breaking the code to do a "passthru". The osCommerce code stopped it though, the attempted hack was unsuccessful. :D
Recommended Posts
Archived
This topic is now archived and is closed to further replies.