Sam,

register_globals can be dangerous to turn on, but it really depends on the quality of the code the shopping cart was written with. See the example below for an explanation.


Say you had a script that looked like this.


<?PHP

// $User is never assigned anywhere in this script
$Q = "Select * from Stored CreditCards where User='$User'";
// ..... Retrieve info from DB
// ..... Charge Credit Card
// ..... Do Other Stuff.

?>

With register_globals = on, I could do the following to the URL and force the system to bill someone else.

chargecredit.php?User=Joe

Basically, register_globals = off protects you from that type of URL hacking.

It just depends on how it is written and how thought out the shopping cart script is.

Hope this helped.

Jonathan Pitcher

On Monday, February 17, 2003, at 07:09 AM, Sam wrote:


I'm thinking of running a shopping cart package (osCommerce) that requires
register_globals to be enabled. With all the warnings about security with
register_globals enabled I'm worried.

How dangerous is it?


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
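
The behaviour described in the message above, as an added example that is not part of the original email or of osCommerce: extract() stands in for register_globals (the directive was removed in PHP 5.4), and the second function takes the user from session state and binds it as a query parameter. The table, column and function names and the sample rows are assumptions made for the example.

```php
<?php
// Added example, not code from the original message. Table, column and
// function names are hypothetical; the rows are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE stored_cards (user TEXT PRIMARY KEY, card TEXT)");
$db->exec("INSERT INTO stored_cards VALUES ('Sam', 'card-of-Sam'), ('Joe', 'card-of-Joe')");

// "Before": behaves like the script in the message with register_globals = on.
// extract() emulates the directive by turning each request key into a variable,
// so $User is whatever the URL says. EXTR_SKIP keeps $db and $request intact,
// mirroring the fact that the directive only filled variables the script had
// not assigned itself. The string-built query is also open to SQL injection.
function card_to_charge_vulnerable(PDO $db, array $request): ?string
{
    extract($request, EXTR_SKIP);
    $Q = "SELECT card FROM stored_cards WHERE user='$User'";
    $card = $db->query($Q)->fetchColumn();
    return $card === false ? null : $card;
}

// "After": the identity comes only from server-side session state set at
// login, the request is never consulted, and the value is bound as a parameter.
function card_to_charge_hardened(PDO $db, array $session): ?string
{
    if (!isset($session['user']) || !is_string($session['user'])) {
        return null; // nobody is logged in, so nobody is charged
    }
    $stmt = $db->prepare('SELECT card FROM stored_cards WHERE user = :user');
    $stmt->execute([':user' => $session['user']]);
    $card = $stmt->fetchColumn();
    return $card === false ? null : $card;
}

// Constructed scenario: Sam is logged in, the URL is chargecredit.php?User=Joe
$session = ['user' => 'Sam'];
$request = ['User' => 'Joe'];

echo "vulnerable: ", var_export(card_to_charge_vulnerable($db, $request), true), "\n";
echo "hardened:   ", var_export(card_to_charge_hardened($db, $session), true), "\n";
```

The same uninitialised-variable problem reappears in any code that calls extract() or import_request_variables() on request data, so those calls are worth searching for when auditing a cart that was written for register_globals.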


