hi,
> If register_globals = off is highly recommended,
> why does the default php.ini have
> register_globals=on
> Many people do not change this.
this wouldnt realy help at all,
if you change this,
and you need those vars in a script, most people would do the same
like register_globals does.
the way to protect against this issue isnt switching this feature off,
it is writing code which protects against such attacks.
this is not a language issue, it is a
script-coder one,
if someone is not able to handle this,
he is not able to write scripts if register_globals is turned off
too
- Peter
--
*ZIMT - where PHP meets needs*
Homepage: www.cyberfly.net - [EMAIL PROTECTED]
PHP Usergroups: www.phpug.de - [EMAIL PROTECTED]
Just for Fun: www.fist-center.de - [EMAIL PROTECTED]
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
