p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

beginning_php thread: register globals, security and building around it


Message #1 by "John Arbon" <subscriptions@c...> on Wed, 29 May 2002 04:21:39
What insecurities do I face if I have register_globals = on?

And in order to work around passing values this way, would the best way be 
to use custom functions when dealing with sessions?

John
Message #2 by "Nikolai Devereaux" <yomama@u...> on Tue, 28 May 2002 20:18:34 -0700
> What insecurities do I face if I have register_globals = on?
  http://www.php.net/manual/en/security.registerglobals.php

> And in order to work around passing values this way, would the
> best way be
> to use custom functions when dealing with sessions?

Here's a good starter article.  I wish it was written when I first had to
write custom PHP4 session handlers.
  http://www.phpbuilder.com/columns/ying20000602.php3


take care,

nik

Message #3 by "David Scott-Bigsby" <DScott-Bigsby@P...> on Wed, 29 May 2002 10:32:10 -0700
> What insecurities do I face if I have register_globals =3D on?

You have to face your insecurities eventually.

;)

dsb

***************************************       
David Scott-Bigsby
Product Manager, Web Site and PEDN

PureEdge Solutions
The Leader in Secure XML e-Forms

v:250-708-8145  f:250-708-8010
1-888-517-2675   www.PureEdge.com
***************************************
Message #4 by "Laurie Tsakiris" <laurietsakiris@h...> on Wed, 29 May 2002 13:01:58 -0700
> What insecurities do I face if I have register_globals = >on?
>You have to face your insecurities eventually.
>;)
>dsb

COohlordyUGH

----- Original Message -----
From: "David Scott-Bigsby" <DScott-Bigsby@P...>
To: "beginning php" <beginning_php@p...>
Sent: Wednesday, May 29, 2002 10:32 AM
Subject: [beginning_php] RE: register globals, security and building around
it


> What insecurities do I face if I have register_globals = on?

You have to face your insecurities eventually.

;)

dsb

***************************************
David Scott-Bigsby
Product Manager, Web Site and PEDN

PureEdge Solutions
The Leader in Secure XML e-Forms

v:250-708-8145  f:250-708-8010
1-888-517-2675   www.PureEdge.com
***************************************



  Return to Index