[snip] Sorry, but I am a bit behind on MySQL digest, but isn't turning Register Globals 'on' for php a security risk? [/snip]
We recently had this discussion on the PHP-General list and the upshot is that having register_globals 'on' is only a security risk if the code is sloppy. PHP allows this as the variables are not strongly typed and most developer fail to do any checking of variables to make sure that they contain what they want them to contain. Turning register_globals 'off' does not take care of that. It just adds another layer of abstraction to certain vaariables (such as GET, POST, etc) which is still vulnerable if the developer does not do a good job of taking care with his or her variables. HTH! Jay -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
