Hi!

Patrick Teague wrote:
> Hello,
> 
> Considering all of this...  Would it be better simply to turn
> register_globals = On if the vast majority of the stuff you have on your
> site is simple search engine type stuff and/or GET variables?

Well, such stuff needs NOT security, needless to say. But *any* site 
needs to work properly. Besides, having the register_globals off does 
not require gigantic mental efforts to get your values.

Personally I think that a register_globals off environment is educative, 
in that it forces you to think about the way data gets passed a bit more 
than usually. And an aware programmer is better than one who just 
"believes" in the fact that his next script is gonna get the stuff it 
needs.

But whether you have your register_globals on or off variable content 
validation is still up to your own code, and that's where 99% of 
security lies. Blocking the globals just blocks anyone from poisoning an 
*internal* variable of your scripts, legally passed values must be 
validated as they were before.

Bye
Alberto
Kiev


@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@-_=}{=_-@

LoRd, CaN yOu HeAr Me, LiKe I'm HeArInG yOu?
lOrD i'M sHiNiNg...
YoU kNoW I AlMoSt LoSt My MiNd, BuT nOw I'm HoMe AnD fReE
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is
tHe TeSt, YeS iT iS
ThE tEsT, yEs It Is.......


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
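
The distinction drawn in the message above, between poisoning an internal variable and validating legitimately passed values, shown as an added example that is not part of the original email. The function names, the `is_admin` flag and the sample request are assumptions made for illustration, and `extract()` stands in for `register_globals = On`, which was removed in PHP 5.4.

```php
<?php
// Constructed request: "q" is the expected search term, "is_admin" is a
// parameter the script never asked for.
$request = ['q' => '<b>php</b>', 'is_admin' => '1'];

// Hypothetical session check; this visitor is not an administrator.
function user_is_admin(): bool { return false; }

// register_globals = On, emulated with extract(): every request key
// becomes a variable in the script's scope.
function page_globals_on(array $request): array
{
    extract($request);
    if (user_is_admin()) {
        $is_admin = true;           // internal flag, set only on success
    }
    // $is_admin was never initialised, so the request value survives.
    return ['admin' => !empty($is_admin), 'q' => $q ?? ''];
}

// register_globals = Off: request data is reachable only through the
// array, so $is_admin cannot be set from outside. $q is still raw.
function page_globals_off(array $request): array
{
    $is_admin = user_is_admin();
    $q = $request['q'] ?? '';
    return ['admin' => $is_admin, 'q' => $q];
}

// Off plus validation: the legitimately passed value is checked as well
// (letters, digits, space, underscore and hyphen, 1 to 64 characters).
function page_validated(array $request): array
{
    $is_admin = user_is_admin();
    $q = $request['q'] ?? '';
    $ok = is_string($q) && preg_match('/^[\p{L}\p{N} _-]{1,64}$/u', $q) === 1;
    return ['admin' => $is_admin, 'q' => $ok ? $q : null];
}

foreach (['page_globals_on', 'page_globals_off', 'page_validated'] as $fn) {
    echo $fn, ': ', json_encode($fn($request)), "\n";
}
```

Only the first function reports the visitor as an administrator, and only the last one rejects the markup in `q`.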
