Ya!
I read the book and learned it from "Programming PHP" wroted by Rasmus ,page on
285,that said :
"It's important to understand that PHP itself is
neither secure nor insecure. The security of your
web applications is entirely determined by the
code you write. "
for example:
//initialize your variables first;
$play_mp3=false;
$play_cd=false;
$play_dvd=false;
if($my_name && $my_pass && $mp3)
{
$play_mp3=ture;
}
--------------------------------------------
On Wed, 4 Jun 2003, Jay Blanchard wrote:
> [snip]
> Have register globals set to ON is one way of leaving your script open
> to being exploitable.
> [/snip]
>
> Please explain this, how does it make it more exploitable? I think that
> this is only true if the code is sloppy.
Correct, if you properly initialize your internal variables there is
nothing insecure about leaving register_globals on.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
-----------------------------------
Fongming from Taiwan.
------------------------------------------
◆From: 此信是由桃小電子郵件1.5版所發出...
http://fonn.fongming.idv.tw
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
