--- Raditha Dissanayake <[EMAIL PROTECTED]> wrote:
> At the risk of starting another flame war: IMHO switching off register
> globals and relying on $_POST etc can lull you into a false sense of
> security.
I agree, and this is more true with the safe_mode directive, which I have
always thought was poorly named (although I don't have a better
suggestion).
Disabling register_globals is a good thing, however, and it at least
forces developers to understand where their data is coming from. This is a
good first step, in my opinion.
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
