Change font size Change Width
Advanced Search
 

Joomla! Discussion Forums



It is currently Thu Nov 26, 2009 9:03 am (All times are UTC )

 

Board index » Other Forums » The Lounge » Archived Boards - All boards closed » FAQ Archive



Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 
  Print view Previous topic | Next topic 
Author Message
rliskey
Posted: Sun Oct 01, 2006 10:13 pm 
User avatar
Joomla! Guru
Joomla! Guru
Offline

Joined: Tue Jun 06, 2006 7:41 am
Posts: 808
Location: Third planet from Sol
Overview
Many shared server environments currently run .php scripts using the PHP4 interpreter and .php5 code using the PHP5 interpreter. Rather than changing all your file extensions, and perhaps breaking many links, use a .htaccess file to dynamically map one extension to the other.

IMPORTANT CAVEAT:One common reason for doing this is that hosts leave PHP4 configured with register_globals ON in order to support legacy code while offering PHP5 with register_globals OFF.  If you are on a shared server at a host that has configured register_globals ON server wide, you should be very worried!

Turning register globals OFF via a local php.ini or a .htaccess file will NOT offer you any extra protection. Another exploited account on your server can simple hack yours. For server security, and since php 4.2, register globals is OFF server wide by default (php default). Any host overriding this is inviting trouble. If you need register globals ON for a specific site, simple use a .htaccess file for that specific directory, and server wide security will not be compromised. Of course, if you do this be sure all effected scripts fully sanitize input data.

Requirements
1. Your Apache server must be configured to use .htaccess files. If not, you may be able to request this from your host.
2. Your Apache configuration must allow the following setting. If not, you may be able to request this from your host.
3. Your host must have configured the .php and .php5 file extensions as described above. If not, they may possibly have chosen other extensions. Check with your host.

Directions
1. Check to be sure your site is configured to use .htaccess files.

2. Make a backup of the .htaccess file in your root public_http directory. If you don't have a .htaccess file at this location, create one now.

3. There are various ways to set the comman, depending on your server configuration. One of the following will probably work. Add ONE the following lines at the end of your .htaccess file. If unsure which to use, check with your hosting provider on which version works best for your configuration.
Code:
AddType x-mapp-php5 .php
AddHandler application/x-httpd-php5 .php
AddHandler cgi-php5 .php


4. Carefully test.

5. Delete the backup .htaccess file. Don't leave backups of .htaccess files in public directories.

Back to Security FAQ Table of Contents

Search Keywords: htaccess, .htaccess, PHP5, PHP4

_________________
Web Home: http://www.ronliskey.com
Support http://support.educationgrove.com

Last edited by rliskey on Mon Mar 26, 2007 4:29 am, edited 1 time in total.

Top
  E-mail  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 

Quick reply

 


Board index » Other Forums » The Lounge » Archived Boards - All boards closed » FAQ Archive

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
 
 
 
 
 

© 2005-2009 Open Source Matters, Inc. All rights reserved. Joomla hosting by Rochen Ltd.