Wednesday, March 26, 2008

PHP register_globals are a thing of the past

We have joined the ever growing list of web hosting companies that have set register_globals to off, in the interest of security. Though I personally agree with those who say that it's not the configuration itself, but sloppy/unsecure code that causes issues, I also feel it's better to be safe than sorry.

For a long time there were still many server software applications that required register_globals on, but this practice is gradually fallen by the wayside, and now is fairly rare. In fact register_globals are now deprecated and being removed as of PHP 6.0.0. I don't expect PHP6 to be out any time soon (it's been in development since...2005?), and there was/has been/is great resistance from many web hosting companies to upgrade to v5.X (which we will be doing soon), since the jump between 4 and 5 (and what runs on each) is fairly significant and requires a lot of changes.

If you notice any issues relating to register_globals being turned off, please submit a support ticket and we'll see about creating a temporary over-ride for your domain, until you can make necessary changes in code or software.