Hello list,

php4.1 recommends to set register_globals=off in php.ini to make php
more strict.  My question is, if I turn off register_globals, what will
happen if any malicious user just try to modify the variable values in
the url? Say,


Does it work if user just change the value in the URL directly and send
the url directly to web server?

How can we avoid the malicious attack by directly http GET/POST with
modified parameter values to make possible system error or compromise?

Patrick Hsieh <[EMAIL PROTECTED]>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to