There has been a lot of recent discussion on how the PHP directive register_globals can cause security issues if enabled, and how this is causing Drupal installation issues for Yahoo! SB Web Hosting users. Browsing through the Yahoo! SBWH’s PHP documentation, I came across this Q&A:
Q: Does Yahoo! support the register_globals directive?
A: The PHP community has chosen to deprecate the register_globals directive, as its misuse could result in insecure code. To help protect all of our customers, Yahoo! now defaults register_globals off for all accounts opened after May 2008.
If you signed up for your Web Hosting account before May 2008, however, register_globals is still on by default. For your security, we recommend reviewing the PHP community’s documentation on register_globals carefully as you develop your scripts.
Note that register_globals will soon be removed completely from PHP, so we recommend writing scripts that will not rely on the directive.
See the original Yahoo page.
It remains to be seen how Yahoo! addresses this issue for users who signed up before May 2008.
[…] Yahoo’s SB Web Hosting: Update On PHP register_globals […]