Question about osCommerce being secure


ChrisJ

Posted

I have placed the php.ini file created by my web host into the catalog/admin directory. The php.ini file has Register_Globals set to "ON", does this make my files less secure?

Thanks.

Posted
It makes it easier to exploit poorly written code. Good code will not be any less secure running with register_globals set to ON. You must have register_globals set to on to use osCommerce unless you install the following contribution:

http://www.oscommerce.com/community/contri...egister+globals

 

Thanks for your reply.

Is osCommerce "Good Code"?

If it is, would I be better off with that contribution or not?

If not, I guess there is no reason to add it. Correct?

Thanks again. I look forward to any reply.

Posted

"Good code" and "bad code" are of course relative terms. Having register_globals set to ON can leave scripts vulnerable IF AND ONLY IF they misuse the directive. See the following for more information:

http://us2.php.net/register_globals

Basically, turning register_globals OFF will prevent your site from being vulnerable to certain types of attacks, but it will not necessarily make your script secure, just as having it on will not necessarily make it insecure. Not using register_globals is generally a good idea, since it removes the threat of that particular vulnerability even if you are running code that is insecure in that regard. As I said though, a script that properly handles variable initialization isn't vulnerable to attacks that rely on register_globals being ON.

It's one less thing to worry about if you have register_globals turned OFF, but it's certainly not going to make your site Secure. It can only make it more secure than it was before.

Also keep in mind that, if you use contributions that rely on register_globals being set to ON, you will have to edit them to work with the contribution I posted.

Contributions

Discount Coupon Codes

Donations
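The variable-initialization point made in the last reply, as an added example that is not part of the thread and is not osCommerce code. register_globals was removed in PHP 5.4, so its effect is emulated here with `extract()` over a constructed request array; the function names and the `authorized` parameter are assumptions chosen for illustration.

```php
<?php
// Added illustration. extract() stands in for what register_globals=On did:
// every request parameter becomes a variable before the script's logic runs.
// EXTR_SKIP keeps the emulation from clobbering the function's own arguments.

function is_admin_unsafe(array $request, bool $registerGlobals, string $sessionUser): bool
{
    if ($registerGlobals) {
        extract($request, EXTR_SKIP);
    }
    // Defect: $authorized is only assigned on the success path and is never
    // initialized, so a request parameter with the same name supplies its value.
    if ($sessionUser === 'admin') {
        $authorized = true;
    }
    return !empty($authorized);
}

function is_admin_safe(array $request, bool $registerGlobals, string $sessionUser): bool
{
    if ($registerGlobals) {
        extract($request, EXTR_SKIP);
    }
    // Fix: initialize before use. Whatever the request injected is overwritten,
    // so the result is the same with register_globals On or Off.
    $authorized = false;
    if ($sessionUser === 'admin') {
        $authorized = true;
    }
    return $authorized;
}

// Constructed request, equivalent to a query string of ?authorized=1
$request = ['authorized' => '1'];

foreach ([true, false] as $rg) {
    printf(
        "register_globals=%s  unsafe=%s  safe=%s\n",
        $rg ? 'On' : 'Off',
        var_export(is_admin_unsafe($request, $rg, 'guest'), true),
        var_export(is_admin_safe($request, $rg, 'guest'), true)
    );
}
```

Only the uninitialized version changes its answer when the setting is switched on, which is why turning the directive off removes this class of bug without making the rest of the script secure.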

Archived

This topic is now archived and is closed to further replies.
