Criadoman Posted June 29, 2006

Hi all,

I'm testing this software to see if it will satisfy my requirements for an eCommerce site. I have it running on my local host - and all that is running fine. However, upon attempting to install the actual PHP file - I'm getting an error that reads "FATAL ERROR: register_globals is disabled in php.ini, please enable it!"

I have 2 issues regarding this and hope someone can assist.

1. Upon changing the .ini file to allow register_globals on, I still get the error.
2. I am concerned that even in allowing the above - upon getting it operational, I'm exposing myself to some security problems.

Any assistance would be appreciated.

FIMBLE Posted June 29, 2006

Hi

Add the following to your .htaccess file:

#<IfModule mod_php4.c>
# php_value session.use_trans_sid 0
# php_value register_globals 1
#</IfModule>

It will solve your problem.

Nic

kgt Posted June 29, 2006

1. You must restart your webserver after any changes made to the php.ini file. If you make changes to an .htaccess file (provided you use the Apache webserver and have allow overrides on) then you do not need to restart your webserver. (Note from FIMBLE's post that you need to remove the # from the front of each line. Those have been pulled from a comments section, I'll guess, so they won't have any effect as they are.)

2. That is an oversimplification. Register_globals set to ON is not inherently insecure, but it may make it easier to exploit bugs. You're generally safe with an application like OSCommerce, which has a large enough community to catch most serious problems, and is a large enough project that independent security companies monitor for problems. However, many contributions do not follow best practices and can leave security holes open. They're also not tested like OSCommerce is.

If you want to keep register globals off, then you can use this contribution: http://www.oscommerce.com/community/contributions,2097
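
Added example, not part of the original thread and not osCommerce code: the kind of bug that register_globals makes easier to exploit is a variable used before it is initialized, shown here beside a version that is safe with the setting on or off. The function names and sample requests are constructed, and `extract()` is used as a stand-in for register_globals so the script runs on PHP versions where the setting no longer exists.

```php
<?php
// Emulates register_globals=On: each request parameter becomes a variable
// in scope before the page logic runs. EXTR_SKIP keeps the function's own
// parameters from being overwritten, as this is only an emulation.
function page_relying_on_uninitialized(array $request, bool $passwordOk): string
{
    extract($request, EXTR_SKIP);   // stand-in for register_globals=On
    if ($passwordOk) {
        $authorized = true;         // only assigned on the success path
    }
    // Bug: $authorized is never initialized, so when the password check
    // fails its value comes from whatever the request supplied.
    return !empty($authorized) ? 'admin page' : 'denied';
}

// Same logic with the variable initialized before use. The request can
// still inject a variable of that name, but it is overwritten first.
function page_initialized(array $request, bool $passwordOk): string
{
    extract($request, EXTR_SKIP);   // still emulating register_globals=On
    $authorized = false;            // explicit default
    if ($passwordOk) {
        $authorized = true;
    }
    return $authorized ? 'admin page' : 'denied';
}

// Constructed sample requests: a plain one, and one carrying ?authorized=1.
$cases = [
    'no parameters, wrong password' => [[], false],
    'authorized=1, wrong password'  => [['authorized' => '1'], false],
    'no parameters, right password' => [[], true],
];

foreach ($cases as $label => [$request, $passwordOk]) {
    printf(
        "%-32s uninitialized: %-10s initialized: %s\n",
        $label,
        page_relying_on_uninitialized($request, $passwordOk),
        page_initialized($request, $passwordOk)
    );
}
```

Only the second case differs between the two functions. Contributions that read request data through `$_GET`/`$_POST` and initialize their own variables behave the same whichever way register_globals is set.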
Archived
This topic is now archived and is closed to further replies.