Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Register Globals - ISP No Help


twalls

Recommended Posts

What is the definitive position on OScommerce regarding Register Globals.

 

ISP is UK2NET who has Register Globals Off and will not turn it on.

 

I believe my only option is to:

 

1) Move to new ISP who can do above (suggestions please).

 

2) Wait for MS3

 

Thanks

Link to comment
Share on other sites

Hi Tony

 

Please try the search function for this, there are many answers to this question. I'll save you a bit of trouble for now though, simply add:

 

php_value register_globals 1

 

to your .htaccess file. If your ISP permits it, this will enable globals on your site. This usually solves this problem.

 

Dan

Dan Stevens

Link to comment
Share on other sites

Dan,

 

php_value register_globals 1

 

to your .htaccess file.  If your ISP permits it, this will enable globals on your site.  This usually solves this problem.

 

Turning register globals "on" is considered a security risk, so modifying .htaccess as above does solve the problem, but apparently will also assist hackers.

 

Peter

Link to comment
Share on other sites

Dan,

 

php_value register_globals 1

 

to your .htaccess file.  If your ISP permits it, this will enable globals on your site.  This usually solves this problem.

 

Turning register globals "on" is considered a security risk, so modifying .htaccess as above does solve the problem, but apparently will also assist hackers.

 

Peter

1) register_globals on only is a security risk with sloppy code

osCommerce does not have any problems with it as all input / output is properly checked for manipulation

 

2) chances are your host will not allow you to set register_globals on through .htaccess.

 

 

I'd move host opposed to use hacks to make it work.

 

Regards

Matthijs

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

Hi Matthijs,

 

1) register_globals on only is a security risk with sloppy code

    osCommerce does not have any problems with it as all input / output is properly checked for manipulation

 

Okay, well considering the number of posts you have here, I'll take that as 'gospel'. I honestly have no idea on these matters, but when a "Sitepoint guru' tells me it should be turned off, then I start to wonder if the osCommerce sites i support are "safe".

 

However, you have now assured me that they are, thanks.

 

Obviously the Sitepoint advice was in general terms.

 

2) chances are your host will not allow you to set register_globals on through .htaccess.

 

It's actually set as local and master values as "on" now, and after being 'informed' of the risk, I was asking here, to see if I need to turn it off. After reading your reply, I will not bother now.

 

Hmm, what about the (albeit few) PHP files I have added to osCommerce, or the osC code that I modify. What particular things do I need to be aware of please.

 

Thanks, :)

 

Peter

 

PS As a 'sidenote', a person did try and pass an IP address to product_info.php the other day, in the hope of breaking the code to do a "passthru". The osCommerce code stopped it though, the attempted hack was unsuccessful. :D

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...