RE: [suspicious - maybe spam] [PHP] [suspicious - maybe spam] RE: Issues with News sites again...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[snip]
I would be very worried about the quality of any reply that posts a link 
that says the opposite of what the person is saying. Nowhere in that link 
did I see them say that turning on the globals was a security issue. The 
page said the misuse of the globals was the security risk due to forgetting 
to initialize variables and then goes on to show examples of the issue risks

if the globals aren't properly initialized. The security issues fall on the 
web designer not the ISP or PHP, ISP and PHP doesn't control if I forget to 
initialize something in my PHP scripts. The first two paragraphs even state 
that it is a web designer's problem (not in so many words though).
[/snip]


At the risk of starting another globals holy war, the reply that you
received was a generalization that reflects the potential (<---- NOTE THAT)
security risks from having register globals 'on'. The poster was essentially
correct, misuse of globals opens up a whole can of potential security
issues. I will refer you to several good PHP security resources at
http://www.shiflett.org

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux