right!
On Sep 12, 2006, at 10:21 AM, Robert Garcia wrote:
correction, we use session variables.
--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/
On Sep 12, 2006, at 10:04 AM, Ben Johansen wrote:
Hi,
Robert and I struggled with this when setting up the framework we
would be using.
Robert Found a class structure known as a Singleton which gives us
our Application/Domain Scoping.
as for User we use Session Cookies
and Local/Request Scope is just var defined within there context.
In our efforts there hasn't been anything that Is done in Witango
that can't be emulated in PHP 5+
Ben
On Sep 12, 2006, at 9:23 AM, William M Conlon wrote:
IMO this has been a major issue with php, and why, until recently,
I would not run mod_php in my production environment. There are
applications that rely on globals, so that can be an issue.
But I'm only replying to emphasize the benefit of Witango's
namespaces (SCOPE). To my knowledge, the php language doesn't
natively support variable isolation based on what we consider to
be the natural namespaces in web applications -- user, application
and domain.
On Sep 12, 2006, at 9:15 AM, Robert Garcia wrote:
This issue, is not really a security issue with witango, but you
may have heard something about it, because it is a big issue, in
the php community, and it has to do with a special setting,
called REGISTER_GLOBALS, that used to default to on pre php4.2,
and now defaults to off, and in my opinion, should never be
turned on. To understand the issue, you can look here:
http://us2.php.net/register_globals
--
Robert Garcia
President - BigHead Technology
VP Application Development - eventpix.com
13653 West Park Dr
Magalia, Ca 95954
ph: 530.645.4040 x222 fax: 530.645.4040
[EMAIL PROTECTED] - [EMAIL PROTECTED]
http://bighead.net/ - http://eventpix.com/
On Sep 10, 2006, at 6:34 PM, quicknote wrote:
I don't know anything about hacking, so this might be stupid
question, but
here it goes.
In my 'enter.TAF' I use args names like password, userid, and
then as
necessary I assign them to variables with similar names.
Do hackers look for args & vars with these types of names?
Of course I keep these ARGS hidden and the site is encrypted
etc, but I was
just wondering if I should change the names of these args?
Janet Case, QSN
___________________________________________________________________
_____
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
____________________________________________________________________
____
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
Bill
William M. Conlon, P.E., Ph.D.
To the Point
345 California Avenue Suite 2
Palo Alto, CA 94306
vox: 650.327.2175 (direct)
fax: 650.329.8335
mobile: 650.906.9929
e-mail: mailto:[EMAIL PROTECTED]
web: http://www.tothept.com
_____________________________________________________________________
___
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
_____________________________________________________________________
___
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
______________________________________________________________________
__
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
Bill
William M. Conlon, P.E., Ph.D.
To the Point
345 California Avenue Suite 2
Palo Alto, CA 94306
vox: 650.327.2175 (direct)
fax: 650.329.8335
mobile: 650.906.9929
e-mail: mailto:[EMAIL PROTECTED]
web: http://www.tothept.com
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
