2009/1/7 Lamp Lists <lamp.lists@xxxxxxxxx>: > hi guys, > I did php/mysql based website for one my client 7 years ago, in time when register_globals was on by default. > hosting company upgraded server to php5/mysql5 and turned globals off. the site is doesn't work any more. > I can define globals on again in .htaccess but rather not because it could be a big risk. The first point to make is that the risk is no higher now than it has been for the previous 7 years. Register_globals is not inherently insecure, it's the way people code their scripts which makes it open to abuse. > to work again I have to spend a lot of hours to modify the code. boring job. but, I'm more concern does client has to pay the changes/upgrade or it's still "my obligation"? > anybody had similar experience? Personally I'd tell the client that the host has upgraded the server software which has broken the site. It needs work and they need to pay for it. If they object tell them you can work around the issue but it means potentially exposing the site to potentially fatal security risks. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
