Register Globals on or off?

[iLLuSiOnS]

I am reading a lot about register globals and how it is a major security risk. I have register globals "Enabled" which is scaring me because of all the things im reading about it being a security threat.

 

What do you guys recommend?

 

I can turn it off, but that would require me to install the Register Globals contribution. Thank you

[ohioman]

As far as things go.. i've also read that there are risks to globals turned on.. but then again, there are risks to owning a website period. I think that file and folder permissions and updates to code to close vunerabilities are the big things to keep aware of. Unfortunately, there are many ways of attack these days. It appears that if they really want it.. they'll find a way to get it.

 

I personally have kept them turned on... but that isn't to say that it's necessarily the best way. I keep regular backups of my system and check it plenty...so should something happen.. i'm really not that worried about losing lots of data. Install the backup and i'm up and running again in minutes. That simple!!! I believe that for every person you find that might have them on.. you'll find others that insist on keeping them off.. just like anything else.

 

Iceman

 

I am reading a lot about register globals and how it is a major security risk. I have register globals "Enabled" which is scaring me because of all the things im reading about it being a security threat.

 

What do you guys recommend?

 

I can turn it off, but that would require me to install the Register Globals contribution. Thank you

[iLLuSiOnS]

Well thanks for the reply, but i think the only reason your not to concerned about a intrusion is because you have probably never been a victim.

 

I want to leave them on as well because installing the Register Globals contribution on a modified oScommerce site is a long process and i would rather not do it.

 

Has anyone actually experienced any intrusions by leaving register globals on?