Happy Friday!
I don't know anything about the innards of the PHP/Apache relationship. I am
wondering if there is a security advantage to using the getenv() function to
access an environment variable, instead of using the $HTTP_SERVER_VARS
array, or, if register_globals is on, the global version of the variable.
Using $SERVER_NAME as an example, and assuming register_globals is on, if
$foo = gentenv("SERVER_NAME");
$bar = $HTTP_SERVER_VARS["SERVER_NAME"];
are $foo, $bar and $SERVER_NAME guaranteed to have the same value? Can a
cracker poison one of these but not the other? Does getenv() get the value
from Apache or PHP's namespace?
You know what I'm getting at, right? ;)
TIA
Happy Friday!
Kirk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
