It's true that register_globals being on only makes sloppy code more insecure. Most people aren't going to write perfect code, though. It's incredibly annoying to have to unset every variable that shouldn't be from an outside source. Even if you do so, it's very likely that you will forget one variable on one page. It will, of course, be the variable allowing admins to blow up a nuclear bomb over New York. :)

Jay Blanchard wrote:

[snip]
Having register globals set to ON is one way of leaving your script open
to being exploitable.
[/snip]

Please explain this, how does it make it more exploitable? I think that
this is only true if the code is sloppy.

Thanks!
Jay




-- The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
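
The "forget one variable on one page" case from the reply above, as an added example that is not part of the original thread: a page that leaves one variable uninitialised, next to the hardened form. register_globals was removed in PHP 5.4.0, so its effect is emulated here with extract() over a constructed request array; check_login(), sloppy_page(), hardened_page() and the parameter names are hypothetical.

```php
<?php
// Added example: register_globals=On is emulated with extract(), which
// copies request parameters into the local scope the same way.

// Constructed request: the client sends a parameter the page never expected.
$request = ['user' => 'guest', 'is_admin' => '1'];

// Hypothetical credential check; stands in for a real account lookup.
function check_login(string $user): bool
{
    return $user === 'root';
}

// Sloppy page: $is_admin is only assigned on the success path, so a value
// injected from the request survives whenever the login check fails.
function sloppy_page(array $request): bool
{
    extract($request);          // what register_globals=On did implicitly
    if (check_login($user ?? '')) {
        $is_admin = true;
    }
    return !empty($is_admin);   // reads whatever is in scope, trusted or not
}

// Hardened page: trusted state is initialised before use, and input is read
// explicitly from the request array instead of appearing in the scope.
function hardened_page(array $request): bool
{
    $is_admin = false;
    $user = isset($request['user']) ? (string) $request['user'] : '';
    if (check_login($user)) {
        $is_admin = true;
    }
    return $is_admin;
}

// Same constructed request against both pages: only the sloppy one lets the
// client-supplied parameter decide the outcome.
var_dump(sloppy_page($request));
var_dump(hardened_page($request));
```

With register_globals off, the hardened form is what the language enforces by default: request data is reachable only through the superglobal arrays, so a forgotten initialisation produces an undefined-variable notice instead of an attacker-controlled value.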


