At 02:18 26/07/2001, Ron Chmara wrote:
>>   If most of the PHP apps out there are or were vulnerable to 
>> register_globals=on attacks, we can't (shouldn't) blame the whole world, 
>> but fix the language instead.
>I'd suggest fixing the code religion instead, but changing faiths is hard. 
>:-) If they aren't checking their vars before processing, no language 
>would fix it, would it?

Most would, actually.  Pretty much any language which requires you to 
declare variables, or, that doesn't allow external sources to declare 
variables, does not have this problem.  PHP is quite unique in that sense, 
which is why I agree that the language is at fault.  Of course, declaring 
and not initializing your variable is still a programming error, but it's 
much less severe and much less prone to exploits than this problem.


PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to