At 04:00 PM 5/25/2002 -0400, 1LT John W. Holmes wrote: Actually - i don't understand what the docs at PHP are talking about. care to enlighten me?
~kurth >Do you know what the security problems are? Do you realise that having >register_globals on or off isn't the security problem, it's how you write >your code? If you're not going to change any of your code, just turn on >register_globals. Changing your code to _POST or _GET and doing nothing else >isn't making it any more secure that using it the way it is with >register_globals on. > >---John Holmes... > >----- Original Message ----- >From: "Kurth Bemis (List Monkey)" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Saturday, May 25, 2002 3:23 PM >Subject: [PHP] 4.2.1 Vars > > > > > > After moving to php 4.2.1 my scripts that use xxx.php?blah=4 fail to work. > > > > I know that i need to turn register_globals on in my config, however I >know > > that there are security problems with this. So bascially I need to know > > how to make 500+ scripts work without editing a bunch of files to make it > > so that all my get and post vars start with $_POST and $_GET > > > > any ideas? > > > > ~kurth > > > > Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer > > > > Security is like an arms race; the best attackers will continue to search > > for more complicated exploits, so we will too. > > Quoted from http://www.openbsd.org/security.html > > > > [EMAIL PROTECTED] | http://kurth.hardcrypto.com > > PGP key available - http://kurth.hardcrypto.com/pgp > > > > Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net > > (http://www.distributed.net) > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer "Jedi Business, Go back to your drinks" - Anakin Skywalker, AOTC [EMAIL PROTECTED] | http://kurth.hardcrypto.com PGP key available - http://kurth.hardcrypto.com/pgp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php