Register Globals & PHP4
Wednesday, March 15, 2006
Using REGISTER_GLOBALS with PHPv4
Customers using PHP4 with “Register_Globals” need to be aware of this!
This update is to notify all customers that we have disabled the PHP setting register_globals. As exploits that rely on this setting increase, we have made the change to make our servers more secure.
It’s now common for hosts to have register_globals switched off and script makers to use code that doesn’t rely on it. Customers who code their own PHP scripts should read the following, which details the security issues.
PHP Register Globals
We can still provide hosting for customers who may still need this enabled.
Anyone affected should check whether an updated version of the script is available that uses secure code and doesn’t require the setting to be on. If this is a custom script, we suggest altering the code to make it secure regarding register_globals.
If register_globals needs to be “On,” you can add the following line to a .htaccess file in the public_html directory.
Insert this into a .htaccess file:
php_value register_globals 1
Any client making this change should be aware of the security risks. Also, be prepared to take responsibility should a script compromise occur due to the setting.
Customers are asked to enable the setting only when it is really vital, and not to apply the change to every account where it is not required.
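For customers altering a custom script so that it no longer depends on register_globals, the following added example (not part of the original notice, and not code from any particular script) shows the typical unsafe pattern beside a corrected form. The function names, the stand-in password check and the sample requests are hypothetical, and extract() is used to simulate the setting so the comparison also runs on PHP versions where register_globals no longer exists.

```php
<?php
// Added example. All names and sample data below are constructed.

// Stand-in for a real credential check (hypothetical).
function password_ok($supplied) {
    return $supplied === 'correct-horse';
}

// BEFORE: written the way scripts that rely on register_globals are.
// extract() simulates the setting: every request parameter becomes a
// variable before the script's own logic runs.
function legacy_can_view($request) {
    extract($request);                       // what register_globals did
    if (isset($password) && password_ok($password)) {
        $authorized = true;
    }
    // $authorized is never initialised, so a request parameter of the
    // same name decides the outcome when the password check fails.
    return !empty($authorized);
}

// AFTER: no dependence on register_globals. State is initialised by the
// script and input is read explicitly from the request array.
function hardened_can_view($request) {
    $authorized = false;                     // always start from a known value
    $password = isset($request['password']) ? (string)$request['password'] : '';
    if (password_ok($password)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed sample requests (stand-ins for $_GET / $_POST).
$samples = array(
    'valid password'         => array('password' => 'correct-horse'),
    'wrong password'         => array('password' => 'guess'),
    'stray "authorized" key' => array('password' => 'guess', 'authorized' => '1'),
);

foreach ($samples as $label => $request) {
    printf("%-24s legacy=%s hardened=%s\n", $label,
        var_export(legacy_can_view($request), true),
        var_export(hardened_can_view($request), true));
}
```

In a real script the same two changes apply: initialise every variable before use, and read input only from $_GET, $_POST, $_COOKIE or $_SESSION.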
What is the difference between PHP4 and PHP5?
PHP4 is powered by Zend Engine 1.0, while Zend Engine II powers PHP5.
In PHP4, a constructor has the same name as the class, while in PHP5 we can declare a constructor as __construct() and a destructor as __destruct().
PHP5 allows you to declare a class as abstract, while PHP4 does not.
If you have any questions about migrating to PHP5, please raise a support ticket or contact us.