Happy Friday!

I don't know anything about the innards of the PHP/Apache relationship. I am
wondering if there is a security advantage to using the getenv() function to
access an environment variable, instead of using the $HTTP_SERVER_VARS
array, or, if register_globals is on, the global version of the variable.
Using $SERVER_NAME as an example, and assuming register_globals is on, if

$foo = gentenv("SERVER_NAME");

are $foo, $bar and $SERVER_NAME guaranteed to have the same value? Can a
cracker poison one of these but not the other? Does getenv() get the value
from Apache or PHP's namespace?

You know what I'm getting at, right? ;)


Happy Friday!


PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to