Re: FN-FORUM: Register globals on or off??
date posted 8th May 2007 21:06
lee fogarty wrote:
> I have received a site recently that needs completing. The thing is,
> in the .htaccess file, register globals is forced on.
>
> Surely not a good thing?
>
> The only reason I ask is that I never have register globals on.
> However, this site wasn't done by an amateur so I am starting to doubt
> whether my thoughts on site security are entirely accurate.

It can be a very bad sign if someone relies on register globals being
on, but it depends on how the code handles the incoming data and any
variables. I've been known to use it on occasions, though I try not
to, but then I always initialise my variables and all genuine input
data is passed through a filter process that validates it into an
array.

If your code is set up on the basis that any undeclared variable could
have something nasty in it then register globals is not bad in itself.
Some people fail to follow good coding practice in initialising
variables though and that can be dangerous in combination with
register globals being switched on.
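
The difference between the two coding styles discussed in this post, as an added example that is not part of the original post. It assumes a modern PHP where register_globals no longer exists (it was removed in PHP 5.4), so `extract()` stands in for it; `check_login()`, `filter_input_data()` and the request values are hypothetical and constructed for the demonstration.

```php
<?php
// Constructed request data standing in for $_GET. With register_globals on,
// PHP creates a variable for every key before the script body runs.
$request = ['user' => 'guest', 'authorized' => '1'];

// Hypothetical credential check for the demo.
function check_login($user): bool
{
    return $user === 'admin';
}

// Relies on $authorized being unset: it is only assigned on success, so a
// request-supplied value survives when the login check fails.
function uninitialised_page(array $request): bool
{
    extract($request, EXTR_SKIP);   // emulates register_globals in this scope
    if (check_login($user ?? '')) {
        $authorized = true;
    }
    return !empty($authorized);
}

// The "filter process that validates it into an array": only known keys
// with an expected shape are copied across.
function filter_input_data(array $request): array
{
    $clean = [];
    $user = $request['user'] ?? null;
    if (is_string($user) && preg_match('/^[a-z0-9_]{1,32}$/i', $user)) {
        $clean['user'] = $user;
    }
    return $clean;
}

// Same environment, but every variable is initialised before use and
// input is read only from the validated array.
function initialised_page(array $request): bool
{
    extract($request, EXTR_SKIP);   // still emulating register_globals
    $authorized = false;            // any request-supplied value is overwritten
    $input = filter_input_data($request);
    if (isset($input['user']) && check_login($input['user'])) {
        $authorized = true;
    }
    return $authorized;
}

var_dump(uninitialised_page($request));
var_dump(initialised_page($request));
```

For the constructed request, the first call reports the page as authorised although the login check failed, and the second does not.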