[snip] I would be very worried about the quality of any reply that posts a link that says the opposite of what the person is saying. Nowhere in that link did I see them say that turning on the globals was a security issue. The page said the misuse of the globals was the security risk due to forgetting to initialize variables and then goes on to show examples of the issue risks if the globals aren't properly initialized. The security issues fall on the web designer not the ISP or PHP, ISP and PHP doesn't control if I forget to initialize something in my PHP scripts. The first two paragraphs even state that it is a web designer's problem (not in so many words though). [/snip] At the risk of starting another globals holy war, the reply that you received was a generalization that reflects the potential (<---- NOTE THAT) security risks from having register globals 'on'. The poster was essentially correct, misuse of globals opens up a whole can of potential security issues. I will refer you to several good PHP security resources at http://www.shiflett.org -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
