This issue, is not really a security issue with witango, but you may
have heard something about it, because it is a big issue, in the php
community, and it has to do with a special setting, called
REGISTER_GLOBALS, that used to default to on pre php4.2, and now
defaults to off, and in my opinion, should never be turned on. To
understand the issue, you can look here:
http://us2.php.net/register_globals
--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/
On Sep 10, 2006, at 6:34 PM, quicknote wrote:
I don't know anything about hacking, so this might be stupid
question, but
here it goes.
In my 'enter.TAF' I use args names like password, userid, and then as
necessary I assign them to variables with similar names.
Do hackers look for args & vars with these types of names?
Of course I keep these ARGS hidden and the site is encrypted etc,
but I was
just wondering if I should change the names of these args?
Janet Case, QSN
______________________________________________________________________
__
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
