There was a problem loading the comments.

IIS and register_globals

Support Portal  »  Knowledgebase  »  Viewing Article

  Print
PHP has disabled register_globals as it is a serious security risk, more information is available at http://php.net/manual/en/security.globals.php . This feature has been used by many for sql injection attacks, more information is available at http://php.net/manual/en/security.database.sql-injection.php .

Hence enabling register_globals globally for all sites on server is a huge security risk that we cannot justify to other clients, that donot want this feature. IIS by it's very nature doesnot allow local PHP environments per website, like LAMP allows. Any .htaccess file uploaded to a IIS server will have no impact unless the server is Apache. We only use IIS for Windows hosting.

LAMP with Apache server does allow local PHP environment per website, through a local htaccess specification or local php.ini file.

So what are your options ?
==========================
We recommend, contact the script author and request him to provide the latest version of the script where register_globals is not required. Should that be a constraint, then you could do one of the following,

(1) Get a hosting account on our LAMP servers, move the website there and enable register_globals in local PHP enviornment -

http://www.indichosts.net/hosting/linux/index.htm

(2) Get a virtual. Create your custom PHP enviornment with IIS and register_globals enabled. -

http://www.indichosts.net/virtualservers.htm


Share via
Did you find this article useful?  

Related Articles


Comments

Add Comment

Replying to  


Self-Hosted Help Desk Software by SupportPal
© Indichosts.net