Peter Petermann wrote:
> I don't think it is easier to write more secure applications
> with turning a feature off.

In this particular case, it would. There are several reported cases of 
security-holes caused by this feature. Without it, there would be fewer 
insecure PHP-applications out there.

That's a fact. That's the past. Now let's talk about the future.

Turning register_globals off won't fix old code. If code relies on 
register_globals, people will "fix" it with foreach (Rasmus' example), 
or by turning register_globals on.

But that's not the point. The point is that people who don't care about 
security or coding style (beginners or professionals, doesn't really 
matter) are less likely to write insecure code, because there's one 
mistake less that they can make. As long as they stick to the defaults, 
anyway.

regards
Wagner

-- 
Madness takes its toll. Please have exact change.
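
What the foreach workaround mentioned in the message does to code written for register_globals, next to the same page logic reading only named inputs. This is an added example, not part of the original message; `check_login`, `legacy_page`, `fixed_page` and the request values are constructed for illustration.

```php
<?php
// Constructed request parameters, as any client could send them
// (for example ?user=guest&authorized=1).
$request = ['user' => 'guest', 'authorized' => '1'];

// Hypothetical stand-in for a real credential check.
function check_login($user)
{
    return $user === 'admin';
}

// "Before": code that relied on register_globals, kept alive with the
// foreach workaround. Every request key becomes a local variable.
function legacy_page(array $request)
{
    foreach ($request as $key => $value) {
        $$key = $value;               // emulates register_globals=on
    }
    if (check_login($user ?? '')) {
        $authorized = true;
    }
    // $authorized is never initialised by the page itself, so a value
    // supplied in the request is still there when it is tested.
    return !empty($authorized);
}

// "After": read only the inputs the page expects and initialise
// every flag before use. Extra request keys are ignored.
function fixed_page(array $request)
{
    $authorized = false;
    $user = (isset($request['user']) && is_string($request['user']))
        ? $request['user']
        : '';
    if (check_login($user)) {
        $authorized = true;
    }
    return $authorized;
}

echo 'legacy_page grants access: ';
var_dump(legacy_page($request));
echo 'fixed_page grants access:  ';
var_dump(fixed_page($request));
```

The two functions differ only in where `$authorized` can get its value from, which is the mistake the default removes.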
