> On Wed, 4 Jun 2003, Jay Blanchard wrote:
>
> > [snip]
> > Having register globals set to ON is one way of leaving your script open
> > to being exploitable.
> > [/snip]
> >
> > Please explain this, how does it make it more exploitable? I think that
> > this is only true if the code is sloppy.
>
> Correct, if you properly initialize your internal variables there is
> nothing insecure about leaving register_globals on.

But how do you know, if you have a few thousand lines of PHP code, which part has some sloppy code? Nobody is perfect. In my opinion you should turn register_globals off if it's possible. It's much more secure.

> -Rasmus
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
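The difference the thread is arguing about, as an added example that is not part of the original messages: the same login check with an uninitialized flag, with the flag initialized, and with request data read only by name. It assumes `extract()` as a stand-in for `register_globals = On`; the function names, the `SECRET` constant and the sample requests are constructed for illustration.

```php
<?php
// Added example. extract() is used here as a stand-in for
// register_globals=On: each request parameter becomes a local variable
// before the script logic runs. All request data below is constructed.

const SECRET = 'correct horse';   // constructed sample password

// Sloppy: $authorized is assigned only on the success path.
function sloppy_check(array $request): bool
{
    extract($request, EXTR_SKIP);         // emulate register_globals
    if (isset($pass) && $pass === SECRET) {
        $authorized = true;
    }
    return !empty($authorized);           // may still hold an imported value
}

// Initialized: same import, but the flag is set explicitly first.
function initialized_check(array $request): bool
{
    extract($request, EXTR_SKIP);
    $authorized = false;                  // overwrites anything imported
    if (isset($pass) && $pass === SECRET) {
        $authorized = true;
    }
    return $authorized;
}

// register_globals off: only named keys of the request are ever read.
function explicit_check(array $request): bool
{
    $pass = $request['pass'] ?? null;
    return is_string($pass) && hash_equals(SECRET, $pass);
}

$requests = [
    'wrong password'             => ['pass' => 'guess'],
    'wrong password + extra key' => ['pass' => 'guess', 'authorized' => '1'],
    'right password'             => ['pass' => SECRET],
];

foreach ($requests as $label => $req) {
    printf("%-28s sloppy=%-5s initialized=%-5s explicit=%s\n", $label,
        var_export(sloppy_check($req), true),
        var_export(initialized_check($req), true),
        var_export(explicit_check($req), true));
}
```

Only the sloppy variant changes its answer when the request carries a key the script never meant to read; the other two depend solely on the password.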