Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

register_globals

Status
Not open for further replies.
tweenerz

tweenerz

Programmer
Joined
Mar 25, 2002
Messages
202
Location
US
Could someone explain to me what having register_globals turned on does and why it is a security risk?

I realize that is turns server and environment variables into ready-to-use variables in your script, but that is the limit of my knowledge on the subject. I don't understand why that is a risk.

Thanks
 
Sort by date Sort by votes
For one,it could allow user entered text to be potentially mailicous by having globals off.

___________________________________
[morse]--... ...--[/morse], Eric.
 
Upvote 0 Downvote
Thanks sleipnir.

So it is mainly a programmer issue. If the programmer develops stable and well defined code, it doesn't matter what register_globals is set to. It is when you start assuming values that you get into trouble.
 
Upvote 0 Downvote
There are additional reasons not directly related to security that the link I posted doesn't cover.

One is portability. If you write your code assuming that register_globals is "off", you code will still run on another system that has that value set to "on". The converse is not true.

Another is maintainability. Six months after you've written a piece of code, you may not remember how the value got into $username -- and the chance of this happening increase with code complexity and time. But $_POST['username'] will be self-evident.



Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Very true.

My only concern was that if I coded as if register_globals was off, was there still a security issue. And I gather the answer is no.

So the moral of the story is - 'Assume register_globals is off and you should be fine.'
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

kodr
  • Locked
  • Question Question
$_POST and register_globals=off
Replies
6
Views
272
vacunita
vacunita
brokenhalo
  • Locked
  • Question Question
register_globals issue with OsCommerce shopping cart
Replies
2
Views
163
jpadie
jpadie
Spidy6123
  • Locked
  • Question Question
file upload - register_globals is deactivated - plz help
Replies
3
Views
122
jpadie
jpadie
frozenpeas
  • Locked
  • Question Question
Problems with switching to disabled register_globals
Replies
4
Views
89
vbkris
vbkris
JASONE25
  • Locked
  • Question Question
How to set register_globals to ON in apachee 2
Replies
3
Views
186
sleipnir214
sleipnir214

Part and Inventory Search

Sponsor

Back
Top