Register Globals & PHP4
Using register_globals with PHP4
Customers using PHP4 with “Register_Globals” need to be aware of this!
This update is to provide notice to all customers that we have now disabled the PHP setting register_globals. As exploits increase which rely on this setting we have now made the change to make our servers more secure.
It’s now common for hosts to have register_globals switched off and script makers to use code which doesn’t rely on it. Customers who code their own PHP scripts should read the following where the security issues are detailed.
We are still able to provide hosting for customers who may still need this enabled.
Anyone affected should see if an updated script is available which uses secure code and doesn’t require the setting to be on. If this is a custom made script we suggest altering the code to make it secure with regard to register_globals.
If register_globals really needs to be “On” this can be done by adding the following line to a .htaccess file in the public_html directory
INSERT THIS INTO A .HTACCESS FILE: “php_value register_globals 1”
Any client making this change should be aware of the security risks of doing this. Also be prepared to take responsibility should a script compromise occur as a result of the setting. Customers are asked only to make the setting when really vital and not carry out the change on each and every account when not required.