On Thursday 14 March 2002 14:14, Analysis & Solutions wrote:


> The examples on that page are lame.  For example:
>    if($HTTP_COOKIE_VARS['username']){
>       // can only come from a cookie, forged or otherwise
>       $good_login = 1;
>       fpassthru ("/highly/sensitive/data/index.html");
>    }


Admittedly the example given in the manual wasn't very good or clear. Let's 
change the example slightly.

  if($HTTP_COOKIE_VARS['username']) {
    // can only come from a cookie, forged or otherwise
    $good_login = 1;

// later on ...
  if ($good_login) { 
    fpassthru ("/highly/sensitive/data/index.html"); }
  else {
    echo("Hello, you're not logged in!");

Now if register_globals was ON then it's a simple matter of passing a value 
in the URL to gain access to the sensitive data without actually having to 
log in:


If register_globals is OFF then the above ploy would not work because 
good_login would not automatically make it into the variable namespace.

Enabling register_globals is nice and convenient but it's very easy to shoot 
yourself in the foot if you don't track where your variables are coming from, 
or you don't initialise your variables properly.

Jason Wong -> Gremlins Associates -> www.gremlins.com.hk

Carmel, New York, has an ordinance forbidding men to wear coats and
trousers that don't match.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to