> If register_globals = off is highly recommended,
> why does the default php.ini have
> register_globals=on
> Many people do not change this.

this wouldnt realy help at all,
if you change this,
and you need those vars in a script, most people would do the same
like register_globals does.

the way to protect against this issue isnt switching this feature off,
it is writing code which protects against such attacks.

this is not a language issue, it is a
script-coder one,
if someone is not able to handle this, 
he is not able to write scripts if register_globals is turned off 

- Peter

*ZIMT - where PHP meets needs*
Homepage: www.cyberfly.net - [EMAIL PROTECTED]
PHP Usergroups: www.phpug.de - [EMAIL PROTECTED]
Just for Fun: www.fist-center.de - [EMAIL PROTECTED]

PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to