Björn Schotte wrote:
>
> * Rasmus Lerdorf wrote:
> > significantly more secure PHP scripts out there. It will simply cause
> > scripts to break in non-obvious ways and the knee-jerk fix will be to
> > swear at those annoying PHP folks and then turn register_globals on, or
> > they will do something like:
> >
> > foreach($HTTP_POST_VARS as $key=>$val) $$key = $val;
> > foreach($HTTP_GET_VARS as $key=>$val) $$key = $val;
> > foreach($HTTP_COOKIE_VARS as $key=>$val) $$key = $val;
>
> I fully agree here with Rasmus and I also think this will
> be the workaround for most people -- if one _does_ care
> about security, he even knows what and how to do nowadays.
> I don't think turning register_globals to off will evangelize
> people to develop more secure scripts/applications.
We could at least educate people about extract(). :-P
- Stig
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
