 |
 |
 |
 |
|
|
Date: 07/28/01
- Next message: Stig S. Bakken: "Re: [PHP-DEV] Chora installed"
- Previous message: f.lamonica <email protected>: "[PHP-DEV] Bug #12451: compilation halts on libmysql extension"
- In reply to: Björn Schotte: "Re: [PHP-DEV] Security Issues"
- Next in thread: Ramsi Sras: "Re: [PHP-DEV] Security Issues"
- Reply: Ramsi Sras: "Re: [PHP-DEV] Security Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Björn Schotte wrote:
>
> * Rasmus Lerdorf wrote:
> > significantly more secure PHP scripts out there. It will simply cause
> > scripts to break in non-obvious ways and the knee-jerk fix will be to
> > swear at those annoying PHP folks and then turn register_globals on, or
> > they will do something like:
> >
> > foreach($HTTP_POST_VARS as $key=>$val) $$key = $val;
> > foreach($HTTP_GET_VARS as $key=>$val) $$key = $val;
> > foreach($HTTP_COOKIE_VARS as $key=>$val) $$key = $val;
>
> I fully agree here with Rasmus and I also think this will
> be the workaround for most people -- if one _does_ care
> about security, he even knows what and how to do nowadays.
> I don't think turning register_globals to off will evangelize
> people to develop more secure scripts/applications.
We could at least educate people about extract(). :-P
- Stig
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Stig S. Bakken: "Re: [PHP-DEV] Chora installed"
- Previous message: f.lamonica <email protected>: "[PHP-DEV] Bug #12451: compilation halts on libmysql extension"
- In reply to: Björn Schotte: "Re: [PHP-DEV] Security Issues"
- Next in thread: Ramsi Sras: "Re: [PHP-DEV] Security Issues"
- Reply: Ramsi Sras: "Re: [PHP-DEV] Security Issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]