* Rasmus Lerdorf wrote:
> significantly more secure PHP scripts out there. It will simply cause
> scripts to break in non-obvious ways and the knee-jerk fix will be to
> swear at those annoying PHP folks and then turn register_globals on, or
> they will do something like:
>
> foreach($HTTP_POST_VARS as $key=>$val) $$key = $val;
> foreach($HTTP_GET_VARS as $key=>$val) $$key = $val;
> foreach($HTTP_COOKIE_VARS as $key=>$val) $$key = $val;
I fully agree here with Rasmus and I also think this will
be the workaround for most people -- if one _does_ care
about security, he even knows what and how to do nowadays.
I don't think turning register_globals to off will evangelize
people to develop more secure scripts/applications.
--
PHP Schulungen und | International PHP Conference
Schulungsmaterial: | 05. - 07.11.2001
http://thinkphp.de/ | Astron Hotel, Frankfurt
http://rent-a-phpwizard.de/schulungen.php | http://www.php-kongress.de/
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
