> I was trying to step back a bit and identify some of the patterns in
> the attacks identified in the paper.  One extremely popular pattern was
> spoofing variables by overwriting them: GET variables overwriting
> POST, usually, and I suggested that some SAPI stunt be pulled to catch
> that.

That's not the case.  The default variable_order is EGPCS which means that
POST variables will always overwrite GET variables of the same name.

-Rasmus
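
Added example (not part of the original message, and not PHP's own code): a small PHP simulation of the overwrite order stated in the reply, which also reports every name supplied by more than one source so the collision can be logged. The function name merge_by_order and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added illustration: simulates the overwrite order described above.
// Not PHP's internal implementation; merge_by_order is a hypothetical helper.

/**
 * Merge request sources in the order given (e.g. "EGPCS"); a later source
 * overwrites an earlier one. Returns [merged values, list of collisions].
 */
function merge_by_order(string $order, array $sources): array
{
    $merged = [];   // name => value the script would end up seeing
    $origin = [];   // name => source letters that supplied it, in order
    foreach (str_split($order) as $letter) {
        foreach ($sources[$letter] ?? [] as $name => $value) {
            $merged[$name] = $value;        // later source wins
            $origin[$name][] = $letter;
        }
    }

    $collisions = [];
    foreach ($origin as $name => $letters) {
        if (count($letters) > 1) {
            $winner = array_pop($letters);  // last writer is the visible one
            $collisions[] = [
                'name'     => $name,
                'winner'   => $winner,
                'shadowed' => $letters,
            ];
        }
    }
    return [$merged, $collisions];
}

// Constructed sample request: the same names arrive through several channels.
$sources = [
    'G' => ['id' => '5', 'is_admin' => '1'],  // query string
    'P' => ['id' => '7'],                     // form body
    'C' => ['is_admin' => '0'],               // cookie
];

[$merged, $collisions] = merge_by_order('EGPCS', $sources);

foreach ($collisions as $c) {
    printf("%s: %s overwrote %s, visible value %s\n",
        $c['name'], $c['winner'], implode(',', $c['shadowed']),
        var_export($merged[$c['name']], true));
}
```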


-- 
PHP Development Mailing List <http://www.php.net/>