On Friday 21 December 2001 02:39, you wrote:
I believe (not sure, so please clarify) that if your code was
if ($pwd == "goodpwd") $lethimin = 1;
else $lethimin = 0;
the code would be secure. Only setting the variable when the pass is correct
would be too easy to crack, right? Since I'd call the page like
page.php?lethimin=bla
Now it's a string with text which evals TRUE, which is a major security breach,
correct?
Kind regards & happy holidays
> Hi everybody!
>
> Two things I consider urban myths about PHP (plus MySQL) - please let me
> know what you think of these:
>
> 1. The evil global variables
>
> Ok, the classic
> <?
> if ($pwd=="GOODPASSWORD")
> {
> $lethimin=1;
> }
> [bullshit code]
> if ($lethimin)
> {
> echo(fread(fopen("/etc/passwd","r")));
> }
> ?>
> is obviously valid. But let's be serious, who codes this? The example
> code is valid and it's easily crackable indeed, but you don't do that
> kind of thing - you do it in one step. Even if you really need the
> bullshit code in there for some obscure reason, this is the log in code
> damnit, anybody takes care of that!
>
> Why I raised this issue is because I think people tend to get paranoid
> about PHP. And that happens in both worlds - customers and developers.
> Nothing to say about customers, I'd be careful too if I heard some dude
> got intoxicated at a McDonald's in Bogota. My problem is with developers
> - they got it in their head that variables are your enemy and initialize
> everything nowadays - including local variables!
>
> My question to you guys is this: does anybody know of a real example where
> reasonably careful coding led to disaster with global variables?
>
> 2. Please enter your age: 25; drop database mysql
>
> Does this actually work?
>
> I've read at least a dozen articles telling people to get it in their
> blood not to trust users and addslashes to any kind of incoming data, as
> well as pass it as strings to mysql ("insert into person set age='$age'"
> instead of "insert into person set age =$age").
>
> So I decided I had to test this: I wrote the code exactly as in the
> example; I provided the exact dangerous input (well, to be honest, I
> tried a select instead of drop mysql). When I tried it, the presumably
> dangerous situation degraded into a trivial MySQL error. It went
> something like "You have an error near '; select 1+1'".
>
> Did you ever actually try this? Does it work on your system?
>
> Thanks in advance for the input!
>
> Bogdan
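
The difference the reply describes, as an added example that is not part of either message: the original snippet assigns $lethimin only on success, the reply's version assigns it in both branches. Assumptions: register_globals no longer exists (removed in PHP 5.4), so extract() emulates it here, and the function names and sample requests are constructed for illustration.

```php
<?php
// Added example, not code from the thread. register_globals was removed in
// PHP 5.4, so extract() is used here to emulate it: every request parameter
// becomes a variable before the login logic runs.

const GOOD_PASSWORD = 'GOODPASSWORD'; // constructed value, as in the post

// Original post: $lethimin is assigned only when the password matches.
function check_assign_on_success(array $request): bool
{
    extract($request);                       // emulated register_globals
    if (isset($pwd) && $pwd == GOOD_PASSWORD) {
        $lethimin = 1;
    }
    return !empty($lethimin);                // same truthiness as if ($lethimin)
}

// Reply: both branches assign, so a request-supplied value is overwritten.
function check_assign_both(array $request): bool
{
    extract($request);                       // emulated register_globals
    if (isset($pwd) && $pwd == GOOD_PASSWORD) {
        $lethimin = 1;
    } else {
        $lethimin = 0;
    }
    return !empty($lethimin);
}

// Constructed requests: parsed query strings as PHP would deliver them.
$requests = [
    'page.php?pwd=GOODPASSWORD' => ['pwd' => 'GOODPASSWORD'],
    'page.php?pwd=wrong'        => ['pwd' => 'wrong'],
    'page.php?lethimin=bla'     => ['lethimin' => 'bla'],
];

foreach ($requests as $url => $params) {
    printf(
        "%-28s assign-on-success: %-7s assign-both: %s\n",
        $url,
        check_assign_on_success($params) ? 'GRANTED' : 'denied',
        check_assign_both($params) ? 'GRANTED' : 'denied'
    );
}
```

Only the third request separates the two functions: with no password supplied, the first never touches $lethimin, so the request's own value decides the outcome.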
--
PHP General Mailing List (http://www.php.net/)