> I'm thinking of running a shopping cart package (osCommerce)
> that requires
> register_globals to be enabled. With all the warnings about
> security with
> register_globals enabled I'm worried.
>
> How dangerous is it?
The key defensive step is to initialize all of your session variables at
Yeah, I'd strongly agree with Jonathan's view that quality of the code can
mitigate against the dangers of register_globals.
FYI, an interesting article on PHP vulnerabilities is at:
http://www.securereality.com.au/studyinscarlet.txt
David Eisenhart
"Jonathan Pitcher" <[EMAIL PROTECTED]> wrote i
Sam,
The register_globals can be dangerous to turn on, but it really depends
on the quality of code that the shopping cart was written with. See
examples below for explanation.
Say you had a script that looked like this.
$Q = "Select * from Stored CreditCards where User='$User'";
. Retriv
I'm thinking of running a shopping cart package (osCommerce) that requires
register_globals to be enabled. With all the warnings about security with
register_globals enabled I'm worried.
How dangerous is it?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.ph
Refer to the PHP Manual for details.
http://www.php.net/manual/en/language.variables.external.php
The Manual is worth reading :)
(Don't forget to read the FAQ also; it seems the FAQ was updated recently)
Regards,
--
Yasuo Ohgaki
"hi" <[EMAIL PROTECTED]> wrote in message
9acn9h$bgp$[EMAIL PROTECTED]
hi [[EMAIL PROTECTED]] wrote:
> Hi,
>
> Could someone explain what the following passage in php.ini means:
>
> You should do your best to write your scripts so that they do not require
> ; register_globals to be on; Using form variables as globals can easily
> lead
> ; to possible security pro
> Could someone explain what the following passage in php.ini means:
>
> You should do your best to write your scripts so that they do not require
> ; register_globals to be on; Using form variables as globals can easily
> lead
> ; to possible security problems, if the code is not very well thou
Hi,
Could someone explain what the following passage in php.ini means:
You should do your best to write your scripts so that they do not require
; register_globals to be on; Using form variables as globals can easily
lead
; to possible security problems, if the code is not very well thought of