On 04-Jun-2003 Jason Wong wrote:
> In case 1, a malicious person can bypass your password checks by passing
> admin=1 in the URL.
>
>> As Rasmus has correctly pointed out, the usage of "register_globals=off"
>> per se cannot be considered a security measure. If you don't initialize
>> and/or check *all* user-supported variables, you're dead. It's as simple
>> as that. Is it annoying? Maybe. Is it necessary? *yes*
>
> I tend to think of it as a safety net.
>
> Of course the problems with case 1 could be prevented by explicitly
> initialising the variables ...
>
> if ($user == 'me' && $password == 'correct') {
>     $admin = TRUE;
> } else {
>     $admin = FALSE;
> }
>
True. If everybody initialized variables or PHP errored out on
undeclared vars then the question wouldn't have come up.

> ... and extra meticulous coding:
>
> if ($admin === TRUE) { list_all_members_sordid_details(); }
>
Using a global like that could be an example of problem code.
Sensitive stuff should be within a well-defined routine:

function isadmin() {
    global $PHP_AUTH_USER, $PHP_AUTH_PW;
    // Cache the result so the credentials are only compared once per request.
    static $admlogin=FALSE, $didit=FALSE;

    if ($didit)
        return($admlogin);
    $didit=TRUE;
    // strcmp() returns 0 on a match, so the OR is 0 only when both match.
    if ((strcmp($PHP_AUTH_USER, ADMINNAME) |
         strcmp($PHP_AUTH_PW, ADMINPASS)) == 0 )
        $admlogin=TRUE;
    return($admlogin);
}
...
if (isadmin()) ...

<rant>
register_globals=off won't make good code any better -- it's just
a safety net for the sloppy coders.
The real lesson is: Don't be (or hire) a sloppy programmer.
I understand why the PHP team made reg_g=off as the default. I don't
like it, but I understand why.
The main thing I don't like is that it seems to coddle the LCD of
bad code.
A craftsman rarely learns good practice if s/he is insulated from the
results of bad practice.
</rant>
IMHO, of course.
Regards,
--
Don Read [EMAIL PROTECTED]
-- It's always darkest before the dawn. So if you are going to
steal the neighbor's newspaper, that's the time to do it.
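
The case discussed in this thread, as an added example that is not part of the original messages: the uninitialised `$admin` check beside the initialised one and a variant that reads only named request fields. Since register_globals no longer exists in current PHP, `extract()` stands in for it here; the function names, credential values and sample query strings are constructed for illustration.

```php
<?php
// register_globals was removed in PHP 5.4; extract() simulates its effect of
// turning request parameters into variables. All values here are constructed.
const ADMINNAME = 'me';
const ADMINPASS = 'correct';

// "Case 1" style: $admin is set on success only and never initialised.
function check_uninitialised(array $request): bool
{
    extract($request);           // stands in for register_globals=on
    if (isset($user, $password) && $user === ADMINNAME && $password === ADMINPASS) {
        $admin = true;
    }
    return !empty($admin);       // a request-supplied admin=1 survives to here
}

// Initialised on every path and compared strictly, as proposed in the thread.
function check_initialised(array $request): bool
{
    extract($request);
    if (isset($user, $password) && $user === ADMINNAME && $password === ADMINPASS) {
        $admin = true;
    } else {
        $admin = false;          // overwrites anything the request injected
    }
    return $admin === true;
}

// Read only the named fields; nothing from the request reaches local scope.
function check_explicit(array $request): bool
{
    $user = $request['user'] ?? '';
    $password = $request['password'] ?? '';
    return $user === ADMINNAME && $password === ADMINPASS;
}

$samples = [                     // constructed query strings
    'user=me&password=correct',
    'user=guest&password=wrong',
    'admin=1',
];
foreach ($samples as $qs) {
    parse_str($qs, $request);
    printf("%-28s uninit=%d init=%d explicit=%d\n", $qs,
        check_uninitialised($request), check_initialised($request),
        check_explicit($request));
}
```

Only the `admin=1` row differs between the columns: the uninitialised check reports 1, the other two report 0.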