Erik Price wrote:
>
> On Tuesday, April 23, 2002, at 06:48 AM, Rouvas Stathis wrote:
>
> >> This change improves your security, so it'd be rational to be happy
> >> about it.
> >
> > No it doesn't. It just provides another excuse for lazy programming.
> > Nothing will save a lazy programmer or one that doesn't understand basic
> > principles.
>
> While I agree that it doesn't improve security much if the coder was
> already using $HTTP_SESSION_VARS (which he/she should have been doing),
> it definitely does not promote lazy programming. If anything,
> registering all the variables as global promotes lazy programming!
> Sure, it's convenient to be able to access a variable with this shorter
> method, but do you really want all of these different session variables,
> post variables, get variables, cookie variables, and server variables
> sharing the same global namespace/scope? (I use that last term loosely.)

Preventing namespace pollution...now you convince me.

I used the term "lazy programming" without explaining what I meant,
hence the misunderstanding. I refer to "lazy programming" in the sense of
not properly and thoroughly checking user input, or as I believe, any
input from external to your code sources. If you don't do that I don't
believe that anything will save you.

Promoting superglobals as a security enhancement, no I don't buy that.

-Stathis.

>
> IMHO that is much lazier than using superglobals with register_globals
> off.
>
> Erik
>
> ----
>
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown
> [EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
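
An added example, not code from either poster, showing both points raised in the thread: what a shared namespace loses, and why separate arrays still leave input checking to the programmer. Current PHP has no register_globals, so `flat_scope()` is a hypothetical, simplified model of it, and the variable names and request values are constructed.

```php
<?php
// Hypothetical, simplified model of register_globals: every request source
// is merged into one namespace, and later arguments overwrite earlier ones.
function flat_scope(array ...$sources): array
{
    $scope = [];
    foreach ($sources as $vars) {
        $scope = array_merge($scope, $vars);
    }
    return $scope;
}

// Constructed sample request: no login has happened, but the query string
// carries a parameter with the same name as the application's session flag.
$get     = ['is_admin' => '1', 'page' => '2x'];
$cookie  = [];
$session = [];   // the login code never ran, so it never set is_admin

// 1. Shared namespace: the code cannot tell which source is_admin came from,
//    so the query-string value is indistinguishable from a session value.
$scope = flat_scope($session, $cookie, $get);
$flatSaysAdmin = !empty($scope['is_admin']);

// 2. Source-specific arrays (the role $_SESSION and $_GET play): the flag is
//    read from the session only, so the query string cannot supply it.
$scopedSaysAdmin = !empty($session['is_admin']);

// 3. Separating the sources validates nothing. 'page' is still untrusted and
//    has to be checked before use, whichever array it is read from.
$page = filter_var(
    $get['page'],
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => 1000]]
);

var_dump($flatSaysAdmin);    // result with the shared namespace
var_dump($scopedSaysAdmin);  // result when only the session array is trusted
var_dump($page);             // false when validation rejects the value
```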