On Sun, June 18, 2006 2:19 am, Satyam wrote: > ----- Original Message ----- > From: "Rory Browne" <rory.browne@xxxxxxxxx> > >> >> Good code won't be vulnerable to register_globals either, but having >> register_globals on is a security problem because there are security >> flaws >> that can only be exploited when register_globals is enabled. >> > > Actually, code quality cannot overcome the vulnerability of > register_globals. Every program will have global variables. You clearly do not really understand the meaning behind "register_globals" and "global variables" in PHP... :-) Or perhaps you don't consider initializing variables as code quality issue. Because if you initialize EVERY variable, register_globals on/off has zero effect. That said: Sooner or later, somebody will make a mistake and not initialize a variable, or even mis-type a variable name, or succumb to client demands and install some icky badly-written forum, shopping cart, blog, or whatever with un-initialized variables, and then you're screwed. So turn register_globals OFF. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
