error with auto install

[Ninjakreborn]

I am having a major problem, I know enough about php to know register globals is a security issue, I tried installing os commerce, and zen shopping cart, one then the other, when I try to go to the admin area I get
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]
Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.
[/quote]
and I won't use something I have to enable register globals on, that is not good, I don't trust either of those if that's the case, and they are popular so I am assuming something is wrong, any ideas.

[poirot]

They may simply require register_globals to be on, probably because their code wasn't made for register_globals off and they're too lazy to modify it :lol:

But since register_globals is PHP_INI_PERDIR:
[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Entry can be set in php.ini, .htaccess or httpd.conf [/quote]
So you can install the script in some directory and set register_globals on only in that dir

[Ninjakreborn]

isn't that a bad idea, for security purposes though. I didn't think it would be at first, but I have heard some really bad things about using register_globals, and the bad thing is, I had this error message with OC Commerce, and Zen Shopping cart, and there 2 of the most popular that is what is confusing me.

[poirot]

Yes, bad things can happen if someone codes a script that relies on register_globals AND has some vulnerability caused by it. But this doesn't mean these scripts are not secure enough.

If you think ZenCart and OSCommerce guys can create a safe script, enable it PER DIR. Else, don't install the scripts and try to find something else.

[Ninjakreborn]

Or can't I just download them, since there open source, and play with there php programming until I situate it to where they work with register globals on, it shouldn't take long to change all the variable with the proper $_POST, $_GET and whatever else is needed.

[Advancewebsoft]

Hello,

A register_globals=on is not a security issue for Oscommerce. Especially for Ms2.2 version. It have some vulnerabilites, of course,
but very very low (i.e. someone could steal customers info - name, surname, telephone) - also not so easy. And thats all, no security leaks within register_globals. But if you wish to use register_globals=OFF besides, you could use one of the contributions made for this, search a community/ contributions of the official oscommerce site, or wait until MS3 release will be out - it will have this support.