Hi, Sunday, June 18, 2006, 5:19:20 PM, you wrote: S> ----- Original Message ----- S> From: "Rory Browne" <rory.browne@xxxxxxxxx> >> >> Good code won't be vulnerable to register_globals either, but having >> register_globals on is a security problem because there are security flaws >> that can only be exploited when register_globals is enabled. >> S> Actually, code quality cannot overcome the vulnerability of S> register_globals. Every program will have global variables. S> register_globals=on may overwrite a valid global variable, one totally S> unrelated to user input, with a value coming from the request, and there is S> nothing good coding can do about it. The chances that an external user might S> hit the right variable name are slim (unless a disgruntled former S> programmer) but they exist. S> Satyam Just get into the habit of setting all variables to known values before using them will take care of this problem. Set the warning level to E_ALL and get warned when using variables that have not been set to good values while in the development phase. -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
