On 11/7/11 2:20 PM, Daniel C. wrote:
> On Mon, Nov 7, 2011 at 12:39 PM, Wade Preston Shearer
> Blindly importing any of the $GLOBALS into scope can do Bad Things.
> Consider if you have a $host in your DB connection string, and someone
> puts &host=TheirServerIP into the URL. Depending on the order you do
> things, you could potentially import that into your local scope,
> clobbering your own $host, and try to connect to their server with
> your authentication data. Now they have your username and password.

That assumes that you have register_globals enabled, which implies that you don't care about security anyway.

_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
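
The clobbering scenario from the quoted message, shown with PHP's `extract()` beside an explicit-allowlist alternative. This is an added example, not code from the thread; the function names, the `db.internal.example` host and the `page` parameter are assumptions, and the request array is constructed.

```php
<?php
// Constructed request data standing in for $_GET on a URL ending in
// ?page=2&host=TheirServerIP (placeholder value taken from the thread).
$request = ['page' => '2', 'host' => 'TheirServerIP'];

// Unsafe: configuration is set first, then request data is imported into
// the same scope. extract() defaults to EXTR_OVERWRITE, so $host is replaced.
function resolveHostUnsafe(array $request): string
{
    $host = 'db.internal.example';   // hypothetical trusted config value
    extract($request);               // request key "host" overwrites $host
    return $host;
}

// Safer: never import request keys as variables. Read only the named
// parameters the code expects, validate each, and keep config separate.
function resolveHostSafe(array $request): array
{
    $config  = ['host' => 'db.internal.example'];  // hypothetical trusted config
    $allowed = ['page' => FILTER_VALIDATE_INT];    // expected parameters only
    $params  = [];
    foreach ($allowed as $name => $filter) {
        if (array_key_exists($name, $request)) {
            $value = filter_var($request[$name], $filter);
            if ($value !== false) {
                $params[$name] = $value;
            }
        }
    }
    return ['host' => $config['host'], 'params' => $params];
}

// Audit aid: list request keys that collide with names already defined
// in a scope (pass get_defined_vars() from the scope being checked).
function collidingKeys(array $request, array $definedVars): array
{
    return array_values(
        array_intersect(array_keys($request), array_keys($definedVars))
    );
}

echo resolveHostUnsafe($request), PHP_EOL;
$safe = resolveHostSafe($request);
echo $safe['host'], ' page=', $safe['params']['page'], PHP_EOL;
echo implode(',', collidingKeys($request, ['host' => 1, 'user' => 1])), PHP_EOL;
```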
