On Friday 21 December 2001 02:39, you wrote:

I believe (not sure so please clarify) that if your code was
if ($pwd == "goodpwd") $lethimin = 1;
else $lethimin = 0;

the code would be secure. only setting the variable when the pass is correct 
would be too easy to crack right? since I'd call the page like 
now it's a string with text which evals TRUE which is a major security breach 

kind regards & happy holidays

> Hi everybody!
> Two things I consider urban myths about PHP (plus MySQL) - please let me
> know what you think of these:
> 1. The evil global variables
> Ok, the classic
> <?
>   if ($pwd=="GOODPASSWORD")
>   {
>     $lethimin=1;
>   }
>   [bullshit code]
>   if ($lethimin)
>   {
>     echo(fread(fopen("/etc/passwd","r")));
>   }
> ?>
> is obviously valid. But let's be serious, who codes this? The example
> code is valid and it's easily crackable indeed, but you don't do that
> kind of thing - you do it in one step. Even if you really need the
> bullshit code in there for some obscure reason, this is the log in code
> damnit, anybody takes care of that!
> Why I raised this issue is because I think people tend to get paranoid
> about PHP. And that happens in both worlds - customers and developers.
> Nothing to say about customers, I'd be careful too if I heard some dude
> got intoxicated at a McDonald's in Bogota. My problem is with developers
> - they got it in their head that variables are your enemy and initialize
> everything nowadays - including local variables!
> My question to you guys is this: does anybody know of a real example of
> reasonably careful coding led to disaster with global variables?
> 2. Please enter your age: 25; drop database mysql
> Does this actually work?
> I've read at least a dozen articles telling people to get it in their
> blood not to trust users and addslashes to any king incoming data, as
> well as pass it as strings to mysql ("insert into person set age='$age'"
> instead of "insert into person set age =$age).
> So I decided I had to test this: I wrote the code exactly as in the
> example; I provided the exact dangerous input (well, to be honest, I
> tried a select instead of drop mysql). When I tried it, the presumably
> dangerous situation degraded into a trivial MySQL error. It went
> something like "You have an error near '; select 1+1'".
> Did you ever actually try this? Does it work on your system?
> Thanks in advance for the input!
> Bogdan

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to