Ben Harris
New member
Hi Everyone,
I'm currently in the process of tightening up the security on a few shared hosting servers and was wondering a few things.
1) Obviously register_globals is a major security risk, so naturally, it is disabled by default in my php configurations, however, it is possible to re-enable it using the .htaccess directive php_flag display_errors On for example. Is there a way to restrict such a clause while still allowing php_flag display_errors Off For example?
2) The same as question 1, however with regards to php's runtime configuration with ini_set (e.g. ini_set('register_globals', 1)
. Is it possible to disable using the register_globals clause, but still allow setting the memory limit or display errors for example.
PHP Handler: DSO
Web Server: Apache (although you probably guessed that)
Thanks
I'm currently in the process of tightening up the security on a few shared hosting servers and was wondering a few things.
1) Obviously register_globals is a major security risk, so naturally, it is disabled by default in my php configurations, however, it is possible to re-enable it using the .htaccess directive php_flag display_errors On for example. Is there a way to restrict such a clause while still allowing php_flag display_errors Off For example?
2) The same as question 1, however with regards to php's runtime configuration with ini_set (e.g. ini_set('register_globals', 1)
. Is it possible to disable using the register_globals clause, but still allow setting the memory limit or display errors for example.PHP Handler: DSO
Web Server: Apache (although you probably guessed that)
Thanks