PhpSecInfo Test Information
This test determines if the register_globals setting is enabled.
When register_globals is enabled, PHP will automatically create variables in the global scope for any value passed in GET, POST or COOKIE. This, combined with the use of variables without initialization, has led to numerous security vulnerabilities. Since application developers should be aware when they are accessing tainted user input, it is better practice to access the variables through their respective superglobals.
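The uninitialized-variable pattern described above, as an added example that is not part of the PhpSecInfo documentation. It emulates register_globals with extract() inside each function so that it runs on PHP builds without the directive; the function names and the sample request are hypothetical.

```php
<?php
// Added example. register_globals is emulated with extract() inside each
// function so the script runs on PHP builds that no longer have the directive.
// Function names and the sample request are hypothetical.

function is_logged_in(array $session): bool
{
    return !empty($session['user_id']);
}

// Vulnerable pattern: $authorized is assigned only on the success path.
function vulnerable_check(array $request, array $session, bool $registerGlobals): bool
{
    if ($registerGlobals) {
        extract($request); // one variable per request key, as register_globals did
    }
    if (is_logged_in($session)) {
        $authorized = true;
    }
    return !empty($authorized); // may read a variable the request created
}

// Hardened pattern: initialize before use, so a request-created variable is overwritten.
function hardened_check(array $request, array $session, bool $registerGlobals): bool
{
    if ($registerGlobals) {
        extract($request);
    }
    $authorized = false;
    if (is_logged_in($session)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed input: no session, request carries the parameter authorized=1.
$request = ['authorized' => '1'];
$session = [];

foreach ([true, false] as $rg) {
    printf(
        "register_globals=%s vulnerable=%s hardened=%s\n",
        var_export($rg, true),
        var_export(vulnerable_check($request, $session, $rg), true),
        var_export(hardened_check($request, $session, $rg), true)
    );
}
```

With the emulated setting on, only the vulnerable check is satisfied by the request parameter; with it off, neither check is.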
register_globals will not be available in PHP 6.
register_globals should always be disabled.
You can disable it in the php.ini file:
; Disable register_globals for security reasons
register_globals = 'off'
The setting can also be disabled in Apache's httpd.conf file, or in an .htaccess file:
# Disable register_globals for security reasons
php_flag register_globals off