Posted by Daniel Ennis on 07/05/50 12:00

Kurda Yon wrote:
> Hi,
>
> in the home directory I put .htaccess with "register_globals 0".
> Obviously, all php-files from this directory will not take variables
> from the address line. But, as far as I understand, the .htaccess
> files influences on all files in the subdirectories so that they also
> cannot take the variables from the address line. Should it be like
> that?

Honestly if your host has register globals turned on, you really need to
be changing host. That's a big sign of improperly configured settings
and a major security risk. If your the owner of the server, you need to
turn register globals off by the main php.ini immediately.

Same goes for PHP4, any host not at least offering both at the same time
is a good sign its time to change host (FYI: PHP4 Is not even supported
anymore, as PHP5's been out for 4 years and PHP6 is due for release in
August).

And if your in a phpSuExec enviroment (which is a very good thing, as
its alot more secure and easier to access files without worrying about
proper chmod enabling your files to other users, and would be very odd
to have this but also have register globals on), you would not use
..htaccess, you would place a php.ini inside of the directory with your
scripts.

The only downside to the phpSuExec method of placing a php.ini in the
directory is that, if i recall correctly, it does not take place for sub
directories.

--
Daniel Ennis
faNetworks.net - Quality Web Hosting and Ventrilo Services
System Administrator / Web Developer
PHP Developer for 6 years
daniel@fanetworks.net

[Back to original message]