TinyPortal

Development => Support => Servers & hosts => Topic started by: G6Cad on July 31, 2006, 06:47:56 AM

Title: Host configuration question
Post by: G6Cad on July 31, 2006, 06:47:56 AM
My host have upgraded the server im using and they have put in some new software and now im wonder about one thing on the new domain settings page i have.
In one place I can set diffrent ways for the server to read PhP, and im lost in one choise i can make there.

Quote

Register globals On Off

"Register Globals" in PHP is "Off" by default. This is for security reasons. Before turning it "On" you should read this documentation, which explains the security risk and consequence concerning this setting.
This (http://www.php.net/manual/sv/security.globals.php) is the documentation they point to

Register Globals ON or OFF  ???    What should i set that to? I have read the documentation they have but it soesent really point in any direction for what is the best for what you are using on your webpage.

What should i set that to? On or OFF  :o
Title: Re: Host configuration question
Post by: IchBin™ on July 31, 2006, 07:34:29 AM
That is not required for any of your stuff to work G6. I have it turned off on my server. Its only a security risk if someone doesn't write good code. :)
Title: Re: Host configuration question
Post by: akulion on July 31, 2006, 07:37:00 AM
yea i saw it in my coppermine installation too -- or was it another script...it told me my global thingies were off and it is recommended they should be on because a bad / weak code could cause a security vunrability

needless to say i didnt turn it on and everything still runs fine
Title: Re: Host configuration question
Post by: IchBin™ on July 31, 2006, 07:38:30 AM
If you can live with it off, I would recommend that.
Title: Re: Host configuration question
Post by: akulion on July 31, 2006, 07:43:59 AM
Its a good thing u brought this queston up...cos ive always wondered what that setting was
Title: Re: Host configuration question
Post by: G6Cad on July 31, 2006, 08:04:32 AM
It is set to off :) But why do they have sutch things if it is "dangerous" to have them set to on  :o
Title: Re: Host configuration question
Post by: IchBin™ on July 31, 2006, 08:33:35 AM
Its only dangersous if the person who writes the scripts doesn't know how to code properly. If the person can code properly there's no danger. Unfortunately, not everyone is a A+ programmer when they start. :)

From what I see, its only dangerous in the sense that if you don't declare a variable (with global on) that it makes it easier for people to inject information into a variable that is not declared, thus making it easier to hack someones site or something.
Title: Re: Host configuration question
Post by: technodragon73 on July 31, 2006, 08:35:30 AM
I couldn't tell you anything about the dangerous part, but i do know that it caused an issue being of on someone's server that I was attempting install oscommerce for...once turned on it worked perfectly.
Title: Re: Host configuration question
Post by: IchBin™ on July 31, 2006, 08:41:14 AM
If they use registered globals then yes, it will have to be turned on. I've ran into that before too. I can't remember which script required it. Its really a personal preference I guess. But I tend to think the more you have open, the less secure your site is. I try to keep things like that at a minimum if at all possible.
Title: Re: Host configuration question
Post by: akulion on July 31, 2006, 08:49:17 AM
reminds me of my lst host...they had an over sized red button which said "Delete this account"

lool anyways i did get to press it once :D thats when i was leaving them
Title: Re: Host configuration question
Post by: eeek on July 31, 2006, 12:22:32 PM
When I learned programming we were told all globals are bad in every programming language and all code we handed in had to have no globals :)

its an easy option but everything can be done without globals, it just requires more thought :) Most newish half decent php scripts should be coded to run with globals off.  Id say if you come accross something that needs them on, its old and you should get a newer better script. :)
Title: Re: Host configuration question
Post by: G6Cad on July 31, 2006, 12:24:34 PM
Thanks guys for the explanation :)

The new admin page on my host have a lot of new things i havent seen before, so as usuall i read the manual to it, but that was something i didnt understand even if a read it several times :)
Thanks for making it clear :D