Ya! I read the book and learned it from "Programming PHP", written by Rasmus, on page 285, which said:

"It's important to understand that PHP itself is neither secure nor insecure. The security of your web applications is entirely determined by the code you write."

for example:

    //initialize your variables first;
    $play_mp3=false;
    $play_cd=false;
    $play_dvd=false;
    if($my_name && $my_pass && $mp3)
    {
      $play_mp3=true;
    }

--------------------------------------------
On Wed, 4 Jun 2003, Jay Blanchard wrote:
> [snip]
> Have register globals set to ON is one way of leaving your script open
> to being exploitable.
> [/snip]
>
> Please explain this, how does it make it more exploitable? I think that
> this is only true if the code is sloppy.

Correct, if you properly initialize your internal variables there is
nothing insecure about leaving register_globals on.

-Rasmus

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-----------------------------------
Fongming from Taiwan.