
Register Globals ON or OFF???


Hi All


I see many references and issues relating to register globals, should they be on or off etc.

My question is "what is register globals"? And should they be ON or Off? What effect does this have, and where do you find out if they are On or Off?

I think you get the idea. Any information really.





A little knowledge is dangerous, I SHOULD KNOW.

If Life Begins At 40, What ends????

The PHP manual actually gives a good explanation with an example. It's geared towards programmers, of course, but it doesn't require a degree or anything:




Global variables are data that come from outside your code, such as server information, POST (form submission) values, GET (URL values), and cookies. These types of data are stored in superglobals with a special method to access them. If register_globals is on, then the superglobals are populated to your code as regular variables. Since PHP variables do not have to be initialized, this creates a possibility for bugs and security holes. Note that register_globals in and of itself is not really "safe" or "unsafe." It actually depends on the code.


The closest analogy I can come up with is the use of a seat belt in your vehicle. You have the ability to wear or not wear them. Not wearing your seatbelt (having register_globals ON) increases your likelihood of getting injured should you be involved in an accident, but it doesn't cause the injury or the accident. Wearing a seatbelt (having register_globals OFF) decreases the likelihood of being injured in an accident, but it doesn't guarantee your safety. Of course, a reckless driver wearing a seatbelt may be more at risk than a cautious driver not wearing a seatbelt.


It's not necessary to have register_globals OFF for a server to be secure or safe. It's also no guarantee of safety or security to have the directive turned ON. Of course, like seatbelts, it's generally better to have them off because it removes that particular weakness.
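
The point made in the reply above, that the outcome depends on the code as well as on the setting, shown as an added example that is not part of the original post or taken from the PHP manual. `extract()` stands in for what register_globals=On did before a script ran; the function names, the `authorized` parameter and the request are constructed for illustration.

```php
<?php
// Hypothetical stand-in for a real credential check; always fails here.
function user_is_authenticated(): bool
{
    return false;
}

function render_page(array $request, bool $registerGlobals, bool $initialize): string
{
    if ($registerGlobals) {
        // Emulates register_globals=On: every request key becomes an
        // ordinary variable before the page logic runs.
        extract($request);
    }
    if ($initialize) {
        // Careful code: set the flag before use, overwriting anything
        // the request may have put there.
        $authorized = false;
    }
    if (user_is_authenticated()) {
        $authorized = true;
    }
    // Without initialization, a failed login leaves whatever value was
    // already in $authorized.
    return !empty($authorized) ? 'secret page' : 'access denied';
}

// Constructed request, as if the client had sent ?authorized=1
$request = ['authorized' => '1'];

foreach ([true, false] as $registerGlobals) {
    foreach ([false, true] as $initialize) {
        printf(
            "register_globals=%-3s initialized=%-3s => %s\n",
            $registerGlobals ? 'On' : 'Off',
            $initialize ? 'yes' : 'no',
            render_page($request, $registerGlobals, $initialize)
        );
    }
}

// Where to find the setting: ini_get() returns false when the directive
// does not exist (it was removed in PHP 5.4.0).
$setting = ini_get('register_globals');
echo 'register_globals on this server: ',
    $setting === false
        ? 'not available'
        : (filter_var($setting, FILTER_VALIDATE_BOOLEAN) ? 'On' : 'Off'),
    "\n";
```

Only the combination of the setting being On and the flag left uninitialized lets the request value decide the result. On a server that still has the directive, the output of `phpinfo()` also lists its current value.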



