RE: [PHP] register_globals & security

2003-11-13 Thread Chris Shiflett
--- Fernando Melo <[EMAIL PROTECTED]> wrote: > I was not making an assumption. I was stating a fact. > "I get these using $_POST" > > I did NOT state that register_globals needs to be on to do what I'm > doing. If you're going to make false claims about what you previously said, you might want t

RE: [PHP] register_globals & security

2003-11-13 Thread Fernando Melo
--- From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: 13 November 2003 17:07 To: Fernando Melo; '[EMAIL PROTECTED]' Subject: Re: [PHP] register_globals & security --- Fernando Melo <[EMAIL PROTECTED]> wrote: > I have a PHP application that passes variables (values) f

Re: [PHP] register_globals & security

2003-11-13 Thread Chris Shiflett
--- Raditha Dissanayake <[EMAIL PROTECTED]> wrote: > At the risk of starting another flame war: IMHO switching off register > globals and relying on $_POST etc can lull you into a false sense of > security. I agree, and this is more true with the safe_mode directive, which I have always thought

Re: [PHP] register_globals & security

2003-11-13 Thread Chris Shiflett
--- Fernando Melo <[EMAIL PROTECTED]> wrote: > I have a PHP application that passes variables (values) from a form. > I get these using $_POST > > However I do also post some variables via a link. Which of course > requires register_globals to be ON. This is a common problem I see on this list. Wh

Re: [PHP] register_globals & security

2003-11-13 Thread Raditha Dissanayake
with regards to security. -Original Message- From: Raditha Dissanayake [mailto:[EMAIL PROTECTED] Sent: 13 November 2003 15:24 To: [EMAIL PROTECTED] Subject: Re: [PHP] register_globals & security Hi, There is also a $_REQUEST variable. At the risk of starting another flame war: IMHO swit

RE: [PHP] register_globals & security

2003-11-13 Thread Jay Blanchard
[snip] There is also a $_REQUEST variable. At the risk of starting another flame war: IMHO switching off register globals and relying on $_POST etc can lull you into a false sense of security. [/snip] ***applause*** Bottom-line, as I just said in another thread, initialize your variables an

RE: [PHP] register_globals & security

2003-11-13 Thread Fernando Melo
Yup I still don't see how it improves anything with regards to security. -Original Message- From: Raditha Dissanayake [mailto:[EMAIL PROTECTED] Sent: 13 November 2003 15:24 To: [EMAIL PROTECTED] Subject: Re: [PHP] register_globals & security Hi, There is also a $_REQUEST var

Re: [PHP] register_globals & security

2003-11-13 Thread Raditha Dissanayake
still picked up the same way from a URL -Original Message- From: Jon Haworth [mailto:[EMAIL PROTECTED] Sent: 13 November 2003 13:28 To: [EMAIL PROTECTED] Subject: Re: [PHP] register_globals & security Hi Fernando, I have a PHP application that passes variables (values) from a fo

Re: [PHP] register_globals & security

2003-11-13 Thread Eugene Lee
On Thu, Nov 13, 2003 at 01:55:08PM +0200, Fernando Melo wrote: : Jon Haworth responded: : : Fernando Melo wrote: : : > : : > I have a PHP application that passes variables (values) from a form. : : > I get these using $_POST : : > : : > However I do also post some variables via a link. Which ofcou

RE: [PHP] register_globals & security

2003-11-13 Thread Fernando Melo
Thanks. I don't see how this makes it more secure though? The values are still picked up the same way from a URL -Original Message- From: Jon Haworth [mailto:[EMAIL PROTECTED] Sent: 13 November 2003 13:28 To: [EMAIL PROTECTED] Subject: Re: [PHP] register_globals & sec

Re: [PHP] register_globals & security

2003-11-13 Thread Jon Haworth
Hi Fernando, > I have a PHP application that passes variables (values) from a form. > I get these using $_POST > > However I do also post some variables via a link. Which of course requires > register_globals to be ON. Do you mean variables in a URL, like this: www.example.com/index.php?foo=1&bar

[PHP] register_globals & security

2003-11-13 Thread Fernando Melo
Hi everyone, I have a PHP application that passes variables (values) from a form. I get these using $_POST However I do also post some variables via a link. Which of course requires register_globals to be ON. I would like to secure this application. What would be the best way of doing this and