> I think the main point I agree with is that since many beginning users
> use PHP to implement their websites, PHP should be more secure than
> other languages, and have fewer places where the user can mess up.  I
> think the security section of the documentation is a superb start;
> however, I also think that for PHP 5.0, since we are breaking language
> compat, perhaps we should turn off register_globals by default?  I just
> see too many chances for fscking up things big time when using that
> functionality....

I still don't agree on this particular point.  All this does is limit
where data can come from.

For example, the basic thing you are trying to avoid by turning
register_globals off is something like this:

<?php
     /* register_globals = on: ?a=... in the request becomes $a */
     system($a);
?>

This is a bit of an extreme case, sure, but in the end it boils down to
using an uninitialized variable for something.

So we turn off register_globals and change the code to:

<?php
     /* register_globals = off: read the POST array ($_POST in later PHP) */
     system($HTTP_POST_VARS['a']);
?>

Would you honestly call this more secure?  In order for someone to exploit
either of these scripts they would typically download the script, assuming
it was some publicly distributed application, and locate uninitialized
variables used incorrectly.  The only difference in exploiting the
register_globals = off case is that they would have to spoof a POST var
instead of being able to use a GET.  There is no increased security here.
And what worries me is that I have run into people who think that by using
code like this with register_globals off it is actually secure.

To really try to fix this we would need a concept similar to Perl's taint
capability where PHP refuses to use anything that somehow comes from the
user that has not been untainted.

-Rasmus


-- 
PHP Development Mailing List <http://www.php.net/>
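The two scripts in the message, and the untainting gate it asks for, as an added example. This is not code from Rasmus's mail or from PHP itself; the function names, the command table and the sample requests are assumptions made for the illustration. The vulnerable functions return the string that would have reached system() instead of executing it, so the file is safe to run; extract() over a request array reproduces what register_globals did.

```php
<?php
// Added example, not code from Rasmus's mail or from PHP itself.  It models
// the two scripts in the message and adds an "untainting" gate of the kind
// the mail asks for.  Function names, the command table and the sample
// requests are all assumptions made for this illustration.

// register_globals = on imported every request variable into the global
// scope; extract() over a request array reproduces that behaviour.
function vulnerable_register_globals(array $request): string
{
    extract($request);          // ?a=id  becomes  $a = "id"
    return $a ?? '';            // the original did: system($a);
}

// register_globals = off: the data source moved to the POST array, but the
// value is still used without any validation, so nothing is gained.
function vulnerable_post_vars(array $post): string
{
    return $post['a'] ?? '';    // the original did: system($HTTP_POST_VARS['a']);
}

// Perl-style untainting: user data may reach a sink only after an explicit
// check that returns a fresh, validated value (or null).  Two gates here:
// an allow-list of commands and a strict pattern for one argument.
const ALLOWED_COMMANDS = [
    'uptime' => '/usr/bin/uptime',
    'df'     => '/bin/df',
];

function untaint_command(string $name): ?string
{
    return ALLOWED_COMMANDS[$name] ?? null;
}

function untaint_path(string $path): ?string
{
    // absolute or relative path made only of [A-Za-z0-9_./-], no "..",
    // at most 64 characters; anything else is rejected, not "cleaned"
    if (!preg_match('#^/?[A-Za-z0-9_][A-Za-z0-9_./-]{0,62}$#', $path)) {
        return null;
    }
    if (strpos($path, '..') !== false) {
        return null;
    }
    return $path;
}

// Returns the command line to run, or null when any input fails validation.
function build_safe_command(array $request): ?string
{
    $bin = untaint_command((string) ($request['cmd'] ?? ''));
    $arg = untaint_path((string) ($request['arg'] ?? ''));
    if ($bin === null || $arg === null) {
        return null;            // tainted data never reaches the sink
    }
    // escapeshellarg() is defence in depth; the pattern above already
    // excluded shell metacharacters
    return $bin . ' ' . escapeshellarg($arg);
}

// Constructed requests for the demonstration: the same attacker string
// arrives through either source and is handed on unchanged by both
// vulnerable functions.
$attack = ['a' => 'id; cat /etc/passwd'];
echo "register_globals on : ", vulnerable_register_globals($attack), "\n";
echo "register_globals off: ", vulnerable_post_vars($attack), "\n";

// The gated version: one request passes, the rest are refused outright.
var_dump(build_safe_command(['cmd' => 'df', 'arg' => '/tmp']));      // valid
var_dump(build_safe_command(['cmd' => 'df', 'arg' => '/tmp; id']));  // shell metacharacters
var_dump(build_safe_command(['cmd' => 'rm', 'arg' => '/tmp']));      // command not allow-listed
var_dump(build_safe_command(['cmd' => 'df', 'arg' => '../etc']));    // path traversal
```

The point of the gate is the one the mail makes: switching from $a to $HTTP_POST_VARS['a'] only changes where the data comes from, while untaint_command() and untaint_path() change whether it is allowed to reach system() at all. Rejecting bad input, rather than trying to strip the dangerous parts out of it, keeps the validation rule small enough to reason about.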