> having register_globals 'on' is only a security risk if the code is sloppy.

We're in agreement here, Jay. I see turning register_globals off as a band-aid fix for poor coding rather than a rule of thumb. That 'off' was made the default only recently emphasizes this, in my opinion.

Edward Dudlik
Becoming Digital
www.becomingdigital.com

----- Original Message -----
From: "Jay Blanchard" <[EMAIL PROTECTED]>
To: "CM Miller" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, 11 June, 2003 08:04
Subject: RE: Can't insert data from Apache/PHP

[snip]
Sorry, but I am a bit behind on MySQL digest, but isn't turning Register Globals 'on' for php a security risk?
[/snip]

We recently had this discussion on the PHP-General list and the upshot is that having register_globals 'on' is only a security risk if the code is sloppy. PHP allows this as the variables are not strongly typed and most developers fail to do any checking of variables to make sure that they contain what they want them to contain. Turning register_globals 'off' does not take care of that. It just adds another layer of abstraction to certain variables (such as GET, POST, etc) which is still vulnerable if the developer does not do a good job of taking care with his or her variables.

HTH!

Jay

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
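The distinction discussed in the thread, as an added example that is not code from any of the posters: an uninitialised flag that request data can set, the same check written carefully, and an explicitly read parameter with and without validation. register_globals was removed in PHP 5.4, so its effect is emulated here with `extract()`; the function names, the `SECRET` value and the request arrays are constructed for illustration.

```php
<?php
const SECRET = 'constructed-secret';    // constructed sample value

// Sloppy: $authorized is never initialised, so a request key of that name sets it.
function sloppy_check(array $request): bool
{
    extract($request, EXTR_SKIP);       // emulates register_globals = on
    if (isset($password) && $password === SECRET) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Careful, same setting: the flag is initialised and the input is type-checked.
function careful_check(array $request): bool
{
    extract($request, EXTR_SKIP);       // request data still becomes variables
    $authorized = false;                // assigned after the import, so the request cannot set it
    if (isset($password) && is_string($password) && hash_equals(SECRET, $password)) {
        $authorized = true;
    }
    return $authorized;
}

// register_globals = off style: explicit array access, but still unchecked.
function unchecked_id(array $get)
{
    return $get['id'] ?? null;          // any string or array passes straight through
}

// Explicit access plus validation: only a positive integer is accepted.
function checked_id(array $get): ?int
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed requests, no real traffic.
$forged = ['authorized' => '1'];
$odd    = ['id' => '7 trailing text'];

var_dump(sloppy_check($forged));                     // flag taken from the request
var_dump(careful_check($forged));                    // flag ignored, no password given
var_dump(careful_check(['password' => SECRET]));     // correct password accepted
var_dump(unchecked_id($odd));                        // raw value handed on as-is
var_dump(checked_id($odd), checked_id(['id' => '7']));
```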