I just found out what a bad idea it is to have register_globals turned on. The thing is, on my host, PHP is running as a CGI binary, so I can't just disable it via .htaccess.
So... As a nonroot user, how can I turn off register_globals when PHP is run as a CGI binary?
Turning off register_globals...
Moderator: General Moderators
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
I don't think you can. However, if you code well using the predefined arrays such as $_POST and $_GET, always making sure that user input comes from where you expect it to you should be fine. Have register_globals off on your home config so that development is done in that type of environment then it won't matter a lot what the live environment is like.
BTW, register_globals being off does not inherently make your code secure, instead it just makes it more difficult to write insecure code.
Mac
BTW, register_globals being off does not inherently make your code secure, instead it just makes it more difficult to write insecure code.
Mac