----- Original Message -----
From: "Rory Browne" <rory.browne@xxxxxxxxx>
Good code won't be vulnerable to register_globals either, but having
register_globals on is a security problem because there are security flaws
that can only be exploited when register_globals is enabled.
Actually, code quality cannot overcome the vulnerability of
register_globals. Every program will have global variables.
register_globals=on may overwrite a valid global variable, one totally
unrelated to user input, with a value coming from the request, and there is
nothing good coding can do about it. The chances that an external user might
hit the right variable name are slim (unless a disgruntled former
programmer) but they exist.
Satyam
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
