* Rasmus Lerdorf wrote:
> significantly more secure PHP scripts out there.  It will simply cause
> scripts to break in non-obvious ways and the knee-jerk fix will be to
> swear at those annoying PHP folks and then turn register_globals on, or
> they will do something like:
>   foreach($HTTP_POST_VARS as $key=>$val) $$key = $val;
>   foreach($HTTP_GET_VARS as $key=>$val) $$key = $val;
>   foreach($HTTP_COOKIE_VARS as $key=>$val) $$key = $val;

I fully agree here with Rasmus and I also think this will
be the workaround for most people -- if one _does_ care
about security, he even knows what and how to do nowadays.
I don't think turning register_globals to off will evangelize
people to develop more secure scripts/applications.

PHP Schulungen und                        | International PHP Conference
Schulungsmaterial:                        |             05. - 07.11.2001
http://thinkphp.de/                       |      Astron Hotel, Frankfurt
http://rent-a-phpwizard.de/schulungen.php |  http://www.php-kongress.de/

PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to