Hi, Even with register globals off isn't it possible to have a webpage
like this:
html
head
/head
h2Hello, ?php echo $_SERVER['PHP_AUTH_USER']; ?
pI know your password is ?php echo $_SERVER['PHP_AUTH_PW']; ?
body
/body
html
Is there a way to make sure apache doesn't set the $SERVER['PHP_AUTH_PW
Friday, April 30, 2004, 5:37:15 PM, thus was written:
Hi, Even with register globals off isn't it possible to have a webpage
like this:
Not sure what you are asking. You can have a webpage like this. And I
guess it even does what it should - print the information.
html
head
/head
h2Hello,
Thanks for the response. I basically have an environment analogous to an
internal ISP. A lot of corporate users that have the ability to make web
pages for the intranet etc. Basically management wants PHP turned off
now because a rogue user could potentially gather and store people's
passwords
Yes. My understanding turning globals off stops using $PHP_AUTH_PW directly.
Hi, Even with register globals off isn't it possible to have a webpage
like this:
html
head
/head
h2Hello, ?php echo $_SERVER['PHP_AUTH_USER']; ?
pI know your password is ?php echo $_SERVER['PHP_AUTH_PW']; ?
Patrick Hutchinson wrote:
Thanks for the response. I basically have an environment analogous to an
internal ISP. A lot of corporate users that have the ability to make web
pages for the intranet etc. Basically management wants PHP turned off
now because a rogue user could potentially gather
5 matches
Mail list logo